일시: 2024. 12. 10.(화) 13:00-15:00

장소: 제1공학관 A528

Title: Taming Non-Determinism: Identifying Kernel Concurrency Bugs Through Fuzzing

Presenter: Dr. Dae R. Jeong (정대룡)

Abstract: Kernel concurrency bugs pose a significant threat to the reliability and security of modern computing systems. These bugs can lead to critical issues such as system crashes, data corruption, or even privilege escalation attacks when exploited by malicious attackers.

Fuzzing, a widely-used technique for vulnerability detection, typically concentrates on exploring execution paths. However, it often neglects temporal aspects such as thread interleaving and out-of-order execution. This limitation significantly reduces its effectiveness in identifying kernel concurrency bugs, which stem from the intricate interactions of concurrent execution.

This talk begins with an introduction to the foundational concepts of fuzzing and kernel concurrency bugs, highlighting the key challenges of detecting such vulnerabilities, particularly their non-deterministic nature. It then introduces promising efforts that address these challenges: Razzer, which target bugs caused by thread interleaving, and Ozz, a novel approach for detecting bugs arising from out-of-order execution. Collectively, these tools have uncovered dozens of previously unknown concurrency bugs in the Linux kernel, significantly enhancing the security and reliability of real-world systems.

Bio: Dr. Dae R. Jeong is a postdoctoral fellow at Georgia Tech. He holds BS, MS, and PhD degrees from the School of Computing at KAIST. His research focuses on enhancing the security and reliability of systems, with a strong emphasis on practical contributions to real-world systems. His work has been featured in prestigious conferences such as SOSP, S&P, NDSS, EuroSys, MobiSys, and MobiCom. His contributions have been recognized with several accolades, including the SOSP Best Paper Award and the MobiCom Best Paper Award.