Seccomp Filters from Fuzzing

Marcus Gelderie, Valentin Barth, Maximilian Luff, Julian Birami

2022

Abstract

Seccomp is an integral part of Linux sandboxes, but intimate knowledge of the required syscalls of a program are required. We present a fuzzer-based dynamic approach to auto-generate seccomp filters that permit only the required syscalls. In our model, a syscall is required, if any execution path leads to its invocation. Our implementation combines a symbolic execution step and a custom mutator to take command line flags into account and achieve a large coverage of the SUT. We provide an evaluation of our tool on popular command line tools and find up to 100% of the system calls found through manual analysis.

Download


Paper Citation


in Harvard Style

Gelderie M., Barth V., Luff M. and Birami J. (2022). Seccomp Filters from Fuzzing. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 507-512. DOI: 10.5220/0011145100003283


in Bibtex Style

@conference{secrypt22,
author={Marcus Gelderie and Valentin Barth and Maximilian Luff and Julian Birami},
title={Seccomp Filters from Fuzzing},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2022},
pages={507-512},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011145100003283},
isbn={978-989-758-590-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - Seccomp Filters from Fuzzing
SN - 978-989-758-590-6
AU - Gelderie M.
AU - Barth V.
AU - Luff M.
AU - Birami J.
PY - 2022
SP - 507
EP - 512
DO - 10.5220/0011145100003283