KVM Forum 2019 has ended
October 31 - November 1
Lyon Convention Centre - Lyon, France
More information for KVM Forum 2019
Back To Schedule
Thursday, October 31 • 15:45 - 16:15
Virtio Device Fuzzing - Dmitrii Stepanov, Yandex

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
For the cloud providers it is important to keep private user data secure. One way to achieve it is to fuzz the interfaces available to the guest, to find new vulnerabilities and ways of exploitation. One of such surface is the emulated devices used by the guest machines.

We present the approach to fuzz virtio devices based on AFL to find a bugs. We evaluate this approach by
fuzzing the virtio devices in SPDK and QEMU. Find several crashes, hangs and filed new CVE (CVE-2019-9547). Also to make the approach useful for our Cloud production case, we integrate it with the CI for each release.

avatar for Dmitrii Stepanov

Dmitrii Stepanov

Software Engineer, Yandex
10+ years of system-level development: gdb, gcc, linux, rtos. Right now i'm working on the Yandex Cloud project (https://cloud.yandex.com/), as part of the Kernel-Hypervisor team. My ongoing projects are: - virtio-blk device optimization, stability and security - host security (from... Read More →

Thursday October 31, 2019 15:45 - 16:15 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES