Kernel driver vulnerability mining based on fitness and input constraint model
Citation: She Gengda, Fu Cai, Cen Zewei, Lv Jianqiang. Kernel driver vulnerability mining based on fitness and input constraint model [J]. Application Research of Computers (计算机应用研究), 2023, 40(7).
Authors: She Gengda, Fu Cai, Cen Zewei, Lv Jianqiang
Affiliation: School of Cyber Science and Engineering, Huazhong University of Science and Technology (all four authors)
Funding: National Natural Science Foundation of China (62072200, 6217071437)
Abstract: Device drivers are hard to monitor at runtime and accept complex inputs. To address this, the paper proposes and implements DrgenFuzzer, a driver fuzzing tool built on a fitness function and an input constraint model. The tool combines kernel tracing with static analysis of the driver binary to monitor driver execution; it analyzes the parameters of the driver interface to design a sample constraint scheme; and it introduces a new fitness calculation scheme and a new crossover-and-mutation scheme. Experiments show that, compared with commonly used kernel fuzzers, the test success rate of samples generated after passing through the input constraint model is more than 10 times that of the other tools, and the generated samples are of higher quality. Fuzzing drivers with the tool uncovered a null pointer dereference vulnerability in the i2c driver. DrgenFuzzer effectively guides and regularizes sample generation, raises the sample test success rate and running efficiency, and strengthens vulnerability discovery capability.

Keywords: fuzzing; genetic algorithm; fitness; input constraint model
Received: 2022-11-12
Revised: 2023-06-14