Title : Practical Concolic Testing Techniques for COTS Operating Systems
Speaker : Sangho Lee (Postdoctoral fellow in Computer Science at Georgia Institute of Technology)
Date : 2017.07.03(Mon) 17:00 ~ 18:00
Location : #201, Woojung CIC Building
Discovering the security vulnerabilities of commercial off-the-shelf (COTS) operating systems (OSes) is challenging because they are not only huge and complex but also lack detailed debug information. Concolic testing, which uses symbolic execution to generate inputs that drive a program down its feasible paths and then tests the program with those inputs, is one of the most promising approaches to this problem. Unfortunately, state-of-the-art concolic testing tools do not scale to COTS OSes because of state explosion.
In this talk, I will present a new, practical concolic testing tool for COTS OSes, called CAB-Fuzz. CAB-Fuzz quickly explores the interesting paths that are most likely to trigger real bugs. First, CAB-Fuzz prioritizes the boundary states of arrays and loops, inspired by the fact that many vulnerabilities originate from missing or incorrect boundary checks. Second, CAB-Fuzz exploits real programs that interact with the COTS OS to construct proper contexts, so that it can explore deep and complex kernel states without debug information. CAB-Fuzz found 21 previously undisclosed unique crashes in Windows 7 and Windows Server 2008, including two local privilege escalation vulnerabilities and one information disclosure vulnerability in a cryptography driver.
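To make the first idea concrete, here is a toy generational (concolic-style) search written for this page; it is an added illustration, not CAB-Fuzz's code or its algorithm. The target is a constructed handler with a single 8-bit length byte as input, instrumented so that every input-dependent branch is recorded with a tag (the "bound" tag marks the array-bound check, standing in for the array and loop boundaries CAB-Fuzz prioritizes). A brute-force enumeration over the 256 possible inputs replaces a real SMT solver. The plain search flips each branch on the executed path and takes the smallest satisfying input; the boundary-first variant additionally asks for the extreme values on both sides of every "bound" check and schedules those inputs ahead of ordinary flips. The point it demonstrates: the plain search covers every feasible path of the target and still never crashes it, because the off-by-one only fires at the single boundary value within an already-covered path.

```python
"""Toy concolic search with boundary-state prioritization (constructed example)."""
import heapq
import itertools

DOMAIN = range(256)   # the target takes one input byte x (assumption of this toy)
BUF_LEN = 8           # fixed buffer size in the constructed target


class Tracer:
    """Records every input-dependent branch as (predicate, taken, tag)."""

    def __init__(self, x):
        self.x = x
        self.path = []

    def branch(self, pred, tag):
        taken = bool(pred(self.x))
        self.path.append((pred, taken, tag))
        return taken


def target(x, tr):
    """Constructed handler: parse length byte x, copy x bytes, append a terminator.

    The bound check is off by one (x == BUF_LEN passes), so the terminator write
    lands one element past the end of buf exactly when x == BUF_LEN.
    """
    if tr.branch(lambda v: v & 0x80 != 0, "flag"):      # unrelated option bit
        return "reserved"
    if tr.branch(lambda v: v % 3 == 0, "noise"):        # unrelated parsing branch
        pass
    if not tr.branch(lambda v: v <= BUF_LEN, "bound"):  # should be v < BUF_LEN
        return "too long"
    buf = [0] * BUF_LEN
    for i in range(x):
        buf[i] = 0x41
    buf[x] = 0   # terminator: IndexError (our stand-in for a crash) when x == BUF_LEN
    return "ok"


def run(x):
    """Execute the target concretely on x; return (recorded path, crashed?)."""
    tr = Tracer(x)
    try:
        target(x, tr)
        return tr.path, False
    except IndexError:
        return tr.path, True


def solutions(constraints):
    """Brute-force 'solver': all x in DOMAIN satisfying every (pred, wanted_truth)."""
    return [v for v in DOMAIN
            if all(bool(p(v)) == want for p, want in constraints)]


def explore(seed, boundary_first, max_execs=500):
    """Generational search from `seed`; returns (crashing input or None, executions).

    Each branch on an executed path is flipped to derive a new input (the smallest
    solution, priority 1). With boundary_first, branches tagged "bound" also yield
    the extreme values on the taken and the flipped side (priority 0), so boundary
    states are scheduled ahead of ordinary path flips.
    """
    seq = itertools.count()
    queue = [(1, next(seq), seed)]
    seen = {seed}
    execs = 0
    while queue and execs < max_execs:
        _, _, x = heapq.heappop(queue)
        path, crashed = run(x)
        execs += 1
        if crashed:
            return x, execs
        for i, (pred, taken, tag) in enumerate(path):
            prefix = [(p, t) for p, t, _ in path[:i]]
            flipped = solutions(prefix + [(pred, not taken)])
            candidates = [(1, flipped[0])] if flipped else []
            if boundary_first and tag == "bound":
                same = solutions(prefix + [(pred, taken)])
                for side in (same, flipped):
                    if side:
                        candidates += [(0, side[0]), (0, side[-1])]
            for prio, v in candidates:
                if v not in seen:
                    seen.add(v)
                    heapq.heappush(queue, (prio, next(seq), v))
    return None, execs


if __name__ == "__main__":
    print("plain search:        ", explore(0, boundary_first=False))
    print("boundary-first search:", explore(0, boundary_first=True))
```

The plain search exhausts its queue after five executions, one per feasible path, and reports no crash; the boundary-first search reaches the crashing input x == 8 on its sixth execution. Real engines model the loop and the array index symbolically as well, and a kernel target has far more than one input byte, but the scheduling question is the same: which of the many feasible states to spend the next execution on.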
Sangho Lee is a postdoctoral fellow in Computer Science at Georgia Institute of Technology. His research interests include all aspects of computer security, especially system and web security. His research has discovered and solved many security problems in hardware, operating systems, web browsers, and web-based online platforms. His work has been published in top-tier venues (IEEE S&P, USENIX Security, ACM CCS, ISOC NDSS, USENIX ATC, and WWW). He received his Ph.D. from POSTECH, Korea, in 2013, and also worked as a postdoctoral research associate at POSTECH.