Improving Mac OS X security through gray box fuzzing technique

The kernel is the core of any operating system, and its security is of vital importance. A vulnerability in any of its parts compromises the whole system's security model: unprivileged users who find such vulnerabilities can easily crash the attacked system or obtain administrative privileges. In this paper we propose LynxFuzzer, a framework to test kernel extensions, i.e., the dynamically loadable components of the Mac OS X kernel. To overcome the challenges posed by interacting with kernel-level software, LynxFuzzer includes a bare-metal, hardware-assisted hypervisor that allows it to seamlessly inspect the state of a running kernel and its components. We implemented and evaluated LynxFuzzer on Mac OS X Mountain Lion and obtained unexpected results: we identified 6 bugs in the 17 kernel extensions we tested, thus proving the usefulness and effectiveness of our framework.