Georgia Tech researchers have created the first fuzzing framework specifically for file systems that finds memory corruptions better than any existing tool.
Known as Janus, the new framework was tested on eight Linux file systems where it found 90 bugs. It could also reproduce almost all crashes, which no other framework has accomplished before.
Limits of fuzzers
File systems manage user data stored on a disk image. They are the building blocks of any OS, but their size and complexity make bugs a frequent issue. These bugs can have catastrophic consequences: system reboots, OS deadlock, unrecoverable errors, and security risks.
Because constant updates and system optimizations tend to create more bugs, and removing bugs individually isn’t practical, developers rely on fuzzing. This generalized automatic software testing technique injects mutated inputs to find bugs and test the strength of the system.
Current fuzzers, however, have three limitations, according to the researchers:
- Fuzzing the disk image is inefficient.
- File systems run on two inputs: the disk image and operations, but no existing fuzzer can run both at the same time.
- Fuzzers don’t run each test case on a fresh OS; instead they keep running on an aged OS and produce crashes that are no longer relevant.
“We found that existing fuzzers normally keep running new test cases without rebooting the OS between two test runs, meaning after a certain amount of time, we are using an aging OS to test our input,” said School of Computer Science (SCS) Ph.D. student Wen Xu. “This results in unstable OS execution, and any found crash is very hard to reproduce.”
Janus overcomes these limitations by mutating the metadata in the disk image directly and generating file operations (system calls) in the context of that image, so that both inputs explore the file system at the same time. By mutating the metadata only, Janus creates smaller input test cases, which enables more comprehensive system-wide fuzzing.
Janus runs both inputs at the same time by using the image to generate operations. It then strategically schedules the fuzzing image and fuzzing operations.
Lastly, Janus relies on a library-OS-based application, called an executor, to fuzz OS functionality. This avoids the aging OS or file system that leads to unstable executions and irreproducible bugs, and it requires fewer computing resources, which lets Janus fuzz on a larger scale.
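To make the two ideas above concrete, here is an added toy harness in Python. It is not Janus code and the file-system layout is constructed for the illustration (a superblock, an inode table and data blocks, all 64-byte blocks). It shows the first dimension (only metadata bytes are ever mutated, so a saved test case is the metadata plus an operation list rather than the whole image) and the second dimension (the emitted file operations take their paths from the image's own inode table, so they target what the image actually describes).

```python
"""Toy two-dimensional file-system fuzzing harness (added illustration, not Janus).

Assumes a constructed fixed-layout image: block 0 is a superblock, block 1 an
inode table, blocks 2.. hold file data. Only the metadata blocks are mutated,
and the emitted operations refer to names read from the image itself.
"""
import random
import struct

BLOCK = 64                                 # constructed block size
MAGIC = b"TOYF"                            # constructed superblock magic
INODE_FMT = "<8sHH"                        # name, size, first data block
INODE_SIZE = struct.calcsize(INODE_FMT)    # 12 bytes
MAX_INODES = BLOCK // INODE_SIZE           # 5 inodes fit in one table block
META_END = 2 * BLOCK                       # superblock + inode table
OPS = ("open", "read", "write", "close", "unlink")


def build_image(files):
    """Pack (name, data) pairs into a constructed image; one data block per file."""
    assert len(files) <= MAX_INODES
    inodes = b"".join(
        struct.pack(INODE_FMT, name.ljust(8, b"\0"), len(data), 2 + i)
        for i, (name, data) in enumerate(files))
    superblock = MAGIC + struct.pack("<HH", 2 + len(files), len(files))
    data = b"".join(d.ljust(BLOCK, b"\0") for _, d in files)
    return superblock.ljust(BLOCK, b"\0") + inodes.ljust(BLOCK, b"\0") + data


def metadata_regions(image):
    """Byte ranges the mutator may touch: superblock and inode table only."""
    return [(0, BLOCK), (BLOCK, BLOCK)]


def parse_files(image):
    """Names the inode table claims exist; bounded so a corrupted count is safe."""
    n_inodes = struct.unpack_from("<H", image, len(MAGIC) + 2)[0]
    names = []
    for i in range(min(n_inodes, MAX_INODES)):
        name, _size, _blk = struct.unpack_from(INODE_FMT, image, BLOCK + i * INODE_SIZE)
        names.append(name.rstrip(b"\0").decode("ascii", "replace"))
    return names


def mutate_metadata(image, rng, n_flips=4):
    """XOR n_flips bytes chosen inside metadata regions; data blocks stay intact."""
    buf = bytearray(image)
    for _ in range(n_flips):
        start, length = rng.choice(metadata_regions(image))
        buf[start + rng.randrange(length)] ^= rng.randrange(1, 256)
    return bytes(buf)


def generate_ops(image, rng, n_ops=8):
    """Emit syscall-like ops whose paths come from the (possibly mutated) image,
    so the second input dimension exercises what the first one describes."""
    names = parse_files(image) or ["<none>"]
    ops, open_fds = [], 0
    for _ in range(n_ops):
        kind = rng.choice(OPS)
        if kind == "open":
            ops.append(("open", rng.choice(names), open_fds))
            open_fds += 1
        elif kind in ("read", "write") and open_fds:
            ops.append((kind, rng.randrange(open_fds), rng.randrange(1, BLOCK)))
        elif kind == "close" and open_fds:
            ops.append(("close", rng.randrange(open_fds)))
        elif kind == "unlink":
            ops.append(("unlink", rng.choice(names)))
    return ops


def changed_offsets(original, mutated):
    """Offsets that differ; used to check the mutator never leaves metadata."""
    return [i for i, (a, b) in enumerate(zip(original, mutated)) if a != b]


def save_test_case(image, ops):
    """A stored test case is the metadata bytes plus the op list, not the whole image."""
    meta = b"".join(image[s:s + n] for s, n in metadata_regions(image))
    return meta, ops


def fuzz_round(files, seed=7, n_flips=4, n_ops=8):
    """One round: build the image, mutate its metadata, derive ops from the mutant."""
    rng = random.Random(seed)
    img = build_image(files)
    mut = mutate_metadata(img, rng, n_flips)
    return img, mut, generate_ops(mut, rng, n_ops)


if __name__ == "__main__":
    img, mut, ops = fuzz_round([(b"a.txt", b"hello"), (b"b.txt", b"world")])
    print("changed metadata offsets:", changed_offsets(img, mut))
    print("ops:", ops)
```

A real harness would hand each (metadata, ops) pair to a fresh executor rather than reusing one long-lived kernel instance, which is the third point the article makes about reproducibility.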
“Janus provides a one-stop solution to generate test cases of high quality for comprehensive file system testing,” said Xu. “But this is just the start. By extending Janus, developers can easily find other types of bugs in file systems and file systems on other operating systems.”
Xu presented the work in the paper “Fuzzing File Systems via Two-Dimensional Input Space Exploration,” co-written with SCS Ph.D. student Sanidhya Kashyap, master’s student Po-Ning Tseng, SCS Associate Professor Taesoo Kim, and Ulsan National Institute of Science and Technology Assistant Professor Hyungon Moon. The paper was accepted into IEEE’s Symposium on Security and Privacy in San Francisco in late May.