The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC-7. Please select from the drop-down menu to the right to see the schedule in your preferred timezone above "Filter by Date."
Back To Schedule
Friday, October 1 • 11:05am - 11:50am
(IN PERSON) Finding Multiple Bug Effects for More Precise Exploitability Estimation - Zhenpeng Lin & Yueqi Chen, Penn State University

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Syzkaller, the state-of-the-art kernel fuzzing tool, has significantly expedited the bug finding in the Linux kernel, which generates 1000+ kernel bug reports over the past two years. In the Linux kernel, a possible trend in the future would be the number of bugs found grows faster than the number of bugs fixed. Limited human resources and efforts should be put into fixing bugs that have more potential to be exploited. The exploitability of bugs can be approximated by looking at the memory corruption ability shown in the bug reports. However, a bug could have many bug effects[ by triggering the root cause differently. A bug report that shows a General Protection Fault error could have the same root cause as the one showing a Use After Free error. Knowing all the bug effects gives precise exploitability estimation. In this talk, we will introduce a new approach to find all the potential bug effects given a kernel bug report. We will show our evaluation results to demonstrate the effectiveness and efficiency of our tool.

avatar for Yueqi Chen

Yueqi Chen

PhD student, Penn State University
Yueqi Chen received his B.Sc degree from Nanjing University in 2017 and is currently a PhD Student with Dr. Xinyu Xing at Pennsylvania State University. He was awarded the IBM PhD Fellowship 2020. His research focuses on OS security and vulnerability analysis. He is particularly interested... Read More →
avatar for Zhenpeng Lin

Zhenpeng Lin

PhD student, Penn State University
Zhenpeng Lin is a PhD student advised by Dr. Xinyu Xing at Pennsylvania State University. His research focuses on vulnerability discovery and exploitation. His work was published at CCS 2020. In addition, he plays CTF a lot. As a core member of Nu1L, he won 1st place in BCTF 2017... Read More →

Friday October 1, 2021 11:05am - 11:50am PDT
Room 402 - Chiliwack