Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
11-2023
Abstract
We present KRover, a novel kernel symbolic execution engine tailored for dynamic kernel analysis such as vulnerability analysis and exploit generation. Unlike existing symbolic execution engines, KRover operates directly upon a live kernel thread's virtual memory and weaves symbolic execution into the target's native executions. KRover is compact, as it neither lifts the target binary to an intermediate representation nor uses QEMU or dynamic binary translation. Our performance experiments, benchmarked against S2E, show that KRover is up to 50 times faster at one tenth to one quarter of S2E's memory cost. As shown in our four case studies, KRover is noise-free, has the best-possible binary intimacy and does not require prior kernel instrumentation. Moreover, a user can develop her own kernel analyzer that not only uses KRover as a symbolic execution library but also preserves its independent capabilities of reading, writing and controlling the target runtime. That is, an analyzer built on top of KRover integrates symbolic reasoning with conventional dynamic analysis and benefits from their mutual reinforcement.
Keywords
dynamic kernel analysis, symbolic execution
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
First Page
2009
Last Page
2023
ISBN
9798400700507
Identifier
10.1145/3576915.3623198
Publisher
ACM
City or Country
US
Citation
PITIGALA ARACHCHILLAGE, Pansilu Madhura Bhashana Pitigalaarachchi; DING, Xuhua; QIU, Haiqing; TU, Haoxin; HONG, Jiaqi; and JIANG, Lingxiao.
KRover: A symbolic execution engine for dynamic kernel analysis. (2023). Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 2009-2023.
Available at: https://ink.library.smu.edu.sg/sis_research/8469
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3576915.3623198