Play all

Intro

Let's talk about data race

The classic race condition example

High level of concurrency in the Linux kernel

A data race in the kernel

Fuzzing as a way to explore the program

Code coverage as an approximation

The conventional fuzzing process

Back to our data race example

Bring out data races explicitly with a checker

Checking data races - locking

Checking data races - ordering (causality)

A slightly complicated data race

Case simplified

All interleavings yield to the same code coverage!

Incompleteness of CFG edge coverage

A multi-dimensional view of coverage in fuzzing

Visualizing the concurrency dimension

Bring fuzzing to the concurrency dimension

Concurrency coverage tracking

A straw-man solution

Observations on practical interleaving tracking

Aliased-instruction coverage

Active interleaving exploration - ideal case

Active interleaving exploration through delay injection

Bring them all together

Alias coverage growth will be saturating

Edge and alias coverage goes generally in synchronization

Conclusion and contribution

Description:

Explore kernel file system data race fuzzing in this IEEE conference talk. Learn about concurrency challenges in the Linux kernel, conventional fuzzing processes, and their limitations in detecting data races. Discover how to explicitly bring out data races using checkers, and understand the importance of locking and ordering in race detection. Examine a multi-dimensional approach to coverage in fuzzing, focusing on the concurrency dimension. Delve into concurrency coverage tracking, aliased-instruction coverage, and active interleaving exploration through delay injection. Gain insights into the relationship between alias coverage growth and edge coverage, and understand the contributions of this research to improving kernel file system security.

Krace: Data Race Fuzzing for Kernel File Systems

IEEE

Add to list

#Programming #Software Development #Software Testing #Information Security (InfoSec) #Cybersecurity #System Security