KRover: A symbolic execution engine for dynamic kernel analysis
We present KRover, a novel kernel symbolic execution engine catered for dynamic kernel analysis such as vulnerability analysis and exploit generation. Different from existing symbolic execution engines, KRover operates directly upon a live kernel thread's virtual memory and weaves symbolic exec...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2023
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8469 https://ink.library.smu.edu.sg/context/sis_research/article/9472/viewcontent/3576915.3623198.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9472 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-94722024-01-11T07:30:07Z KRover: A symbolic execution engine for dynamic kernel analysis PITIGALA ARACHCHILLAGE, Pansilu Madhura Bhashana Pitigalaarachchi DING, Xuhua QIU, Haiqing TU, Haoxin HONG, Jiaqi JIANG, Lingxiao We present KRover, a novel kernel symbolic execution engine catered for dynamic kernel analysis such as vulnerability analysis and exploit generation. Different from existing symbolic execution engines, KRover operates directly upon a live kernel thread's virtual memory and weaves symbolic execution into the target's native executions. KRover is compact as it neither lifts the target binary to an intermediary representation nor uses QEMU or dynamic binary translation. Benchmarked against S2E, our performance experiments show that KRover is up to 50 times faster but with one tenth to one quarter of S2E memory cost. As shown in our four case studies, KRover is noise free, has the best-possible binary intimacy and does not require prior kernel instrumentation. Moreover, a user can develop her kernel analyzer that not only uses KRover as a symbolic execution library but also preserves its independent capabilities of reading/writing/controlling the target runtime. Namely, the resulting analyzer on top of KRover integrates symbolic reasoning and conventional dynamic analysis and reaps the benefits of their reinforcement to each other. 2023-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8469 info:doi/10.1145/3576915.3623198 https://ink.library.smu.edu.sg/context/sis_research/article/9472/viewcontent/3576915.3623198.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University dynamic kernel analysis symbolic execution Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
dynamic kernel analysis symbolic execution Information Security |
| spellingShingle |
dynamic kernel analysis symbolic execution Information Security PITIGALA ARACHCHILLAGE, Pansilu Madhura Bhashana Pitigalaarachchi DING, Xuhua QIU, Haiqing TU, Haoxin HONG, Jiaqi JIANG, Lingxiao KRover: A symbolic execution engine for dynamic kernel analysis |
| description |
We present KRover, a novel kernel symbolic execution engine catered for dynamic kernel analysis such as vulnerability analysis and exploit generation. Different from existing symbolic execution engines, KRover operates directly upon a live kernel thread's virtual memory and weaves symbolic execution into the target's native executions. KRover is compact as it neither lifts the target binary to an intermediary representation nor uses QEMU or dynamic binary translation. Benchmarked against S2E, our performance experiments show that KRover is up to 50 times faster but with one tenth to one quarter of S2E memory cost. As shown in our four case studies, KRover is noise free, has the best-possible binary intimacy and does not require prior kernel instrumentation. Moreover, a user can develop her kernel analyzer that not only uses KRover as a symbolic execution library but also preserves its independent capabilities of reading/writing/controlling the target runtime. Namely, the resulting analyzer on top of KRover integrates symbolic reasoning and conventional dynamic analysis and reaps the benefits of their reinforcement to each other. |
| format |
text |
| author |
PITIGALA ARACHCHILLAGE, Pansilu Madhura Bhashana Pitigalaarachchi DING, Xuhua QIU, Haiqing TU, Haoxin HONG, Jiaqi JIANG, Lingxiao |
| author_facet |
PITIGALA ARACHCHILLAGE, Pansilu Madhura Bhashana Pitigalaarachchi DING, Xuhua QIU, Haiqing TU, Haoxin HONG, Jiaqi JIANG, Lingxiao |
| author_sort |
PITIGALA ARACHCHILLAGE, Pansilu Madhura Bhashana Pitigalaarachchi |
| title |
KRover: A symbolic execution engine for dynamic kernel analysis |
| title_short |
KRover: A symbolic execution engine for dynamic kernel analysis |
| title_full |
KRover: A symbolic execution engine for dynamic kernel analysis |
| title_fullStr |
KRover: A symbolic execution engine for dynamic kernel analysis |
| title_full_unstemmed |
KRover: A symbolic execution engine for dynamic kernel analysis |
| title_sort |
krover: a symbolic execution engine for dynamic kernel analysis |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2023 |
| url |
https://ink.library.smu.edu.sg/sis_research/8469 https://ink.library.smu.edu.sg/context/sis_research/article/9472/viewcontent/3576915.3623198.pdf |
| _version_ |
1789483242674454528 |