Name: Virtual Device Fuzzing Support in QEMU - Alexander Bulekov & Bandan Das, Red Hat
Start: 2020-10-29T14:30:00+0000
End: 2020-10-29T15:00:00+0000

View More Details & Registration Information

Back To Schedule

Virtual Device Fuzzing Support in QEMU - Alexander Bulekov & Bandan Das, Red Hat

Feedback form is now closed.

For some time, the community has been interested in fuzzing QEMU to identify potential security vulnerabilities. Last year, Dima Stepanov presented an approach for fuzzing VIRTIO devices using AFL at KVM Forum 2019, and there is an existing image-fuzzer tool in the tree. Since then our virtual-device fuzzing work has landed upstream and has identified dozens of bugs. In this talk, we will introduce our solution, based on QEMU’s existing qtest and qos frameworks. We will cover topics such as: - Why fuzz virtual devices? - How to build a fuzzer for a virtual-device. - Fuzzing a virtual device vs writing a test for it. - How to fuzz new devices/QEMU configurations without writing any code. - Plan for reporting and triaging crashes found by the fuzzer. - Options for fuzzing “external” devices (e.g vhost). - Fuzzing other attack surfaces in QEMU. - How to get involved

Speakers

Bandan Das

Software Engineer, Red Hat

Bandan works on Virtualization at Red Hat. He is primarily interested in systems security and performance. Bandan has presented on various topics such as KVM, usb-mtp emulation in Qemu and the IIO interface in the Linux kernel.

Alexander Bulekov

Fuzzing KVMForum 2020 pdf

Thursday October 29, 2020 14:30 - 15:00 GMT
KVM Theater

KVM Track 1

Technical Skill Level Intermediate
Session Slides Included

KVM Forum 2020

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Bandan Das

Alexander Bulekov