Abstract |
---|
A real-time operating system (RTOS) is an operating system designed to meet certain real-time requirements. It is widely used in embedded applications, and its correctness is safety-critical. However, validating an RTOS is challenging because of its complex real-time features and large code base. In this paper, we propose Rtkaller, a state-aware kernel fuzzer for vulnerability detection in RTOS. First, Rtkaller implements an automatic task initialization that converts syscall sequences into initial tasks carrying more real-time information. Then, a coverage-guided task mutation generates tasks that explore real-time related code in more depth for parallel execution. Moreover, Rtkaller applies a task modification that repairs tasks which hang during fuzzing. We evaluated it on recent versions of rt-Linux, one of the most widely used RTOSs. Compared to the state-of-the-art kernel fuzzers Syzkaller and Moonshine, Rtkaller reaches the same code coverage 1.7X and 1.6X faster, and achieves 26.1% and 22.0% higher branch coverage within 24 hours, respectively. More importantly, Rtkaller has confirmed 28 previously unknown vulnerabilities that the other fuzzers miss. |
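The task-handling steps the abstract describes (wrapping a plain syscall sequence in real-time scheduling attributes, running it under a watchdog, and repairing a task that hangs so it can stay in the corpus) as an added C example for this page. It is not Rtkaller's code and does not model its coverage-guided mutation; it assumes Linux (fork, sched_setscheduler, sched_setaffinity, mmap), and the `call_*` stand-ins, the `rt_task_t` layout and the 200/500 ms deadlines are constructed for illustration.

```c
/* Added example, not Rtkaller's code: a toy harness that turns a syscall
 * sequence into a "task" with real-time attributes, runs it in a
 * watchdog-protected child, and truncates a task that hangs. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

typedef int (*syscall_fn)(void);
typedef struct { const char *name; syscall_fn fn; } call_t;

/* A task: the syscall sequence plus the real-time context it runs under (constructed layout). */
typedef struct {
    call_t calls[8];
    size_t ncalls;
    int policy;          /* SCHED_FIFO, SCHED_RR or SCHED_OTHER */
    int priority;        /* 1..99 for real-time policies, 0 otherwise */
    int cpu;             /* CPU the task is pinned to */
    unsigned timeout_ms; /* watchdog deadline */
} rt_task_t;

enum { TASK_OK = 0, TASK_CRASHED = 1, TASK_HUNG = 2 };

/* Constructed stand-ins for calls in a syscall sequence. */
static int call_getpid(void) { return getpid() > 0 ? 0 : -1; }
static int call_short_sleep(void) { struct timespec ts = {0, 1000000}; return nanosleep(&ts, NULL); }
static int call_block_forever(void) { pause(); return 0; } /* models a call that never returns */

static void apply_rt_attrs(const rt_task_t *t) {
    struct sched_param sp = { .sched_priority = t->priority };
    /* SCHED_FIFO needs CAP_SYS_NICE; without it the task keeps the default policy */
    if (sched_setscheduler(0, t->policy, &sp) != 0)
        fprintf(stderr, "sched_setscheduler: %s, running with default policy\n", strerror(errno));
    cpu_set_t set;
    CPU_ZERO(&set);
    CPU_SET(t->cpu, &set);
    (void)sched_setaffinity(0, sizeof set, &set);
}

/* Run the task in a child; *completed receives how many calls returned before exit or kill. */
int run_task(const rt_task_t *t, size_t *completed) {
    size_t *progress = mmap(NULL, sizeof *progress, PROT_READ | PROT_WRITE,
                            MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (progress == MAP_FAILED) return -1;
    *progress = 0;
    pid_t pid = fork();
    if (pid < 0) { munmap(progress, sizeof *progress); return -1; }
    if (pid == 0) {
        apply_rt_attrs(t);
        for (size_t i = 0; i < t->ncalls; i++) {
            t->calls[i].fn();
            *progress = i + 1;   /* shared page: the parent sees how far we got */
        }
        _exit(0);
    }
    int result = TASK_HUNG, status = 0;
    struct timespec tick = {0, 1000000};
    for (unsigned waited = 0; waited < t->timeout_ms; waited++) {
        if (waitpid(pid, &status, WNOHANG) == pid) {
            result = (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? TASK_OK : TASK_CRASHED;
            break;
        }
        nanosleep(&tick, NULL);
    }
    if (result == TASK_HUNG) { kill(pid, SIGKILL); waitpid(pid, &status, 0); }
    *completed = *progress;
    munmap(progress, sizeof *progress);
    return result;
}

/* Task modification: drop the call that never returned and everything after it. */
rt_task_t truncate_at_hang(const rt_task_t *t, size_t completed) {
    rt_task_t fixed = *t;
    fixed.ncalls = completed < t->ncalls ? completed : t->ncalls;
    return fixed;
}

int demo_good_task(void) {
    rt_task_t t = { .calls = {{"getpid", call_getpid}, {"nanosleep", call_short_sleep}},
                    .ncalls = 2, .policy = SCHED_FIFO, .priority = 10, .cpu = 0, .timeout_ms = 500 };
    size_t done = 0;
    return run_task(&t, &done);             /* TASK_OK */
}

/* Returns the length of the repaired task (1) once it runs clean, or -1. */
int demo_hung_task_repaired(void) {
    rt_task_t t = { .calls = {{"getpid", call_getpid}, {"pause", call_block_forever},
                              {"getpid", call_getpid}},
                    .ncalls = 3, .policy = SCHED_FIFO, .priority = 10, .cpu = 0, .timeout_ms = 200 };
    size_t done = 0, done2 = 0;
    if (run_task(&t, &done) != TASK_HUNG) return -1;
    rt_task_t fixed = truncate_at_hang(&t, done);
    if (run_task(&fixed, &done2) != TASK_OK) return -1;
    return (int)fixed.ncalls;
}

int main(void) {
    printf("good task: %d, hung task repaired to %d call(s)\n",
           demo_good_task(), demo_hung_task_repaired());
    return 0;
}
```

Run it as root (or with CAP_SYS_NICE) to actually get the SCHED_FIFO scheduling the task asks for; otherwise the child reports the EPERM and continues under the default policy, which is the graceful fallback a fuzzing harness wants rather than an aborted run.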
Field | Value |
---|---|
Year | 2021 |
DOI | 10.1145/3477014 |
Venue | ACM TRANSACTIONS ON EMBEDDED COMPUTING SYSTEMS |
Keywords | Fuzz testing, RTOS, vulnerability detection, task generation |
DocType | Journal |
Volume | 20 |
Issue | 5 |
ISSN | 1539-9087 |
Citations | 1 |
PageRank | 0.36 |
References | 0 |
Authors | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yuheng Shen | 1 | 4 | 1.48 |
Hao Sun | 2 | 4 | 1.48 |
Yu Jiang | 3 | 346 | 56.49 |
Heyuan Shi | 4 | 1 | 0.36 |
Yixiao Yang | 5 | 15 | 3.00 |
Wanli Chang | 6 | 18 | 8.73 |