Loading…
Attending this event?
Back To Schedule
Thursday, October 29 • 14:30 - 15:00
Virtual Device Fuzzing Support in QEMU - Alexander Bulekov & Bandan Das, Red Hat

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Log in to leave feedback.
For some time, the community has been interested in fuzzing QEMU to identify potential security vulnerabilities. Last year, Dima Stepanov presented an approach for fuzzing VIRTIO devices using AFL at KVM Forum 2019, and there is an existing image-fuzzer tool in the tree. Since then our virtual-device fuzzing work has landed upstream and has identified dozens of bugs. In this talk, we will introduce our solution, based on QEMU’s existing qtest and qos frameworks. We will cover topics such as: - Why fuzz virtual devices? - How to build a fuzzer for a virtual-device. - Fuzzing a virtual device vs writing a test for it. - How to fuzz new devices/QEMU configurations without writing any code. - Plan for reporting and triaging crashes found by the fuzzer. - Options for fuzzing “external” devices (e.g vhost). - Fuzzing other attack surfaces in QEMU. - How to get involved

Speakers
avatar for Bandan Das

Bandan Das

Software Engineer, Red Hat
Bandan works on Virtualization at Red Hat. He is primarily interested in systems security and performance. Bandan has presented on various topics such as KVM, usb-mtp emulation in Qemu and the IIO interface in the Linux kernel.


Thursday October 29, 2020 14:30 - 15:00 GMT
KVM Theater
  KVM Track 1