The objective of this project is to improve the security of operating system (OS) kernels through deep analysis and testing. OS kernels are the foundation of computer systems such as personal computers, smartphones, servers, as well as the Internet infrastructure in general. Modern OS kernels are enormously complex and contain a large number of security vulnerabilities that slip through the testing phase onto end devices. Unfortunately, the state-of-the-art testing solution is insufficient as deeper parts of the OS remain hard-to-reach and therefore largely untested. The project aims to solve this precise issue by developing a set of innovative dynamic analysis and testing techniques that will greatly improve the security and quality of OS kernels. The results will benefit the security of virtually all computing devices.
The state-of-the-art testing technique for OS kernels is called fuzz testing, which generates random inputs in the hope that they will exercise various parts of the kernel code. It has two unique bottlenecks: (1) space bottlenecks that prevent the fuzzer from reaching desired code blocks and triggering potential vulnerabilities, i.e., dependencies among syscalls, and (2) time bottlenecks that force the fuzzer to stop its execution for some period of time, resulting in wasted fuzz time, i.e., repetitive reboots where the same bugs are triggered repetitively. The project will develop a set of program analysis techniques to improve fuzz testing of OS kernels by making the fuzzer more intelligent in resolving dependencies and by helping it avoid repetitive reboots.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.