• Tobias Bruun Sandberg Hansen
  • Mikkel Tolstrup Jensen
4. term, Computer Science, Master (Master Programme)
eBPF is a groundbreaking technology in the Linux kernel. It facilitates programmers to load programs into the kernel that, after a verification step, can JIT compile and execute the eBPF program. eBPF is widely used in server infrastructure and network management tools, as its place in kernel space facilitates tracing and real time enforcement of policies. Therefore, the correctness of eBPF is crucial. In this project, we develop Buzzy, a novel blackbox fuzzer for eBPF technologies. Buzzy uses a strategy based approach, where strategies are developed to target certain features in the chosen eBPF technologies. Buzzy is tested on the user space eBPF technologies, the PREVAIL verifier and uBPF virtual machine, maintained as part of the eBPF-for-Windows system. Results show that strategies are useful for generating more valid programs and for targeting certain bugs. Buzzy has found 5 bugs between PREVAIL and uBPF.
Publication date15 Jun 2023
Number of pages61
ID: 534933529