A paper by Prof. Song’s team accepted to USENIX Security ‘23

페이지 정보

작성자 최고관리자 댓글 조회 작성일 23-05-22 09:23


The research group led by Prof. Song has their paper accepted to appear in one of the top-tier security conferences, the USENIX Security Symposium 2023. The accepted paper titled 'ReUSB: Replay-Guided USB Driver Fuzzing' is co-authored by Jisoo Jang and Minsuk Kang, students in the department of Computer Science advised by Prof. Song. In this paper, they proposed a technique that combines Record-and-Replay with Fuzzing to discover bugs in deep kernel driver code, leveraging the fact that Record-and-Replay can trigger deep kernel driver code paths. They consider the timing and concurrency of inputs to improve the accuracy of replay, and perform dynamic scheduling of inputs, demonstrating the ability to uncover previously unknown vulnerabilities in deep driver code paths.  In particular, they discovered a total of 15 undisclosed vulnerabilities in the Linux kernel, including CVE-2022-3628 and CVE-2023-1380, two Common Vulnerabilities and Exposures (CVE) numbers assigned to security vulnerabilities. They also took the lead in patching these vulnerabilities, ensuring that all vulnerabilities are patched in the latest Linux kernel. 

Jisoo Jang, Minsuk Kang, and Dokyung Song, “ReUSB: Replay-Guided USB Driver Fuzzing”, 32nd USENIX Security Symposium (USENIX Security), August 2023. (To appear.)


등록된 댓글이 없습니다.