Buzzy: An Unguided Smart-Strategy Generation-Based Blackbox Fuzzer for eBPF Technologies: Buzzy: Fuzz Testing eBPF Technologies
Authors
Hansen, Tobias Bruun Sandberg ; Jensen, Mikkel Tolstrup
Term
4. term
Education
Publication year
2023
Submitted on
2023-06-15
Pages
61
Abstract
eBPF is a technology inside the Linux kernel that lets developers load small programs into the operating system. Before they run, these programs are checked for safety (verification), then just-in-time compiled and executed. Because eBPF runs in kernel space, it is widely used in servers and networks to trace activity and enforce rules in real time. This makes correctness critical. In this project, we develop Buzzy, a new black-box fuzzer for eBPF technologies. A black-box fuzzer is an automated testing tool that, without knowledge of the internal code, tries many systematically varied inputs to reveal faults. Buzzy follows a strategy-based approach: dedicated strategies are designed to target specific features of the eBPF tools under test. We evaluate Buzzy on user-space eBPF components—the PREVAIL verifier and the uBPF virtual machine—maintained as part of the eBPF-for-Windows system. Our results show that strategies help generate more valid programs and focus on particular kinds of bugs. Using Buzzy, we found 5 bugs across PREVAIL and uBPF.
[This abstract has been rewritten with the help of AI based on the project's original abstract]
Keywords
fuzz ; fuzzing ; test ; eBPF ; windows ; prevail ; ubpf ; blackbox ; smart ; generation ; strategy ; open source ; generation-based ; buzzy
