Yalong Zou, Ziqiu Cheng, and Dongliang Mu, Huazhong University of Science and Technology
With the rise of smart vehicles, increasingly intelligent in-vehicle systems are also exposing security issues, and traditional software vulnerabilities in them can cause greater harm. Fuzzing remains an effective means of mitigating the risk posed by system software vulnerabilities. However, because in-vehicle commercial off-the-shelf (COTS) system software is typically closed-source, fuzzing it presents significant challenges: the lack of source-level information and the difficulty of modifying the system make it hard to implement effective bug oracles for the fuzzer.
To address these issues, we propose QKSAN, a sanitizer framework for binary-only kernels. QKSAN combines multiple types of sanitizers and employs an efficient hypervisor-level instrumentation method to detect memory-violation bugs such as out-of-bounds accesses and uses of uninitialized variables. Experiments demonstrate that QKSAN can detect various vulnerabilities in binary kernels such as Linux and QNX, and that it can feasibly be applied to fuzzing real-world systems.
author = {Yalong Zou and Ziqiu Cheng and Dongliang Mu},
title = {{WIP}: {QKSAN}: Towards Multiple Sanitizers for In-vehicle {COTS} {OS} Kernels},
booktitle = {3rd USENIX Symposium on Vehicle Security and Privacy (VehicleSec 25)},
year = {2025},
isbn = {978-1-939133-49-6},
address = {Seattle, WA},
pages = {279--288},
url = {https://www.usenix.org/conference/vehiclesec25/presentation/zou},
publisher = {USENIX Association},
month = aug
}