Seccomp Filters from Fuzzing
Marcus Gelderie, Valentin Barth, Maximilian Luff, Julian Birami
2022
Abstract
Seccomp is an integral part of Linux sandboxes, but writing a filter requires intimate knowledge of the syscalls a program needs. We present a fuzzer-based dynamic approach that automatically generates seccomp filters permitting only the required syscalls. In our model, a syscall is required if any execution path leads to its invocation. Our implementation combines a symbolic execution step with a custom mutator to take command line flags into account and achieve high coverage of the SUT (system under test). We evaluate our tool on popular command line tools and find up to 100% of the system calls identified through manual analysis.
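The pipeline the abstract describes, reduced to its core, is: trace the syscalls each fuzzed execution makes, take the union over all runs (a syscall is "required" if any path invokes it), and turn that set into an allow-list filter. The following Python sketch is an added example, not the authors' tool: it parses constructed strace-style output for three hypothetical runs of a tool with different command line flags, unions the observed syscalls, emits a classic BPF allow-list program as the kernel's seccomp(2) expects it, and evaluates that program offline to confirm what it allows and what it kills. The trace text, the tool name, the x86_64 syscall-number subset and the default action are all assumptions made for the example.

```python
"""Union syscalls seen across fuzzed runs and emit a seccomp allow-list (cBPF)."""
import re
import struct

# Constructed strace -f style output for three runs of a hypothetical "./tool"
# with different flags (the fuzzer's job is to produce many such runs).
RUNS = {
    "tool --help": """\
execve("./tool", ["./tool", "--help"], 0x7ffc...) = 0
brk(NULL) = 0x55d0a1000000
arch_prctl(ARCH_SET_FS, 0x7f1b...) = 0
write(1, "usage: tool [-o FILE] INPUT\\n", 28) = 28
exit_group(0) = ?
+++ exited with 0 +++
""",
    "tool in.txt": """\
execve("./tool", ["./tool", "in.txt"], 0x7ffc...) = 0
brk(NULL) = 0x55d0a1000000
arch_prctl(ARCH_SET_FS, 0x7f1b...) = 0
openat(AT_FDCWD, "in.txt", O_RDONLY) = 3
read(3, "hello\\n", 4096) = 6
read(3, "", 4096) = 0
close(3) = 0
write(1, "hello\\n", 6) = 6
exit_group(0) = ?
+++ exited with 0 +++
""",
    "tool -o out.txt in.txt": """\
execve("./tool", ["./tool", "-o", "out.txt", "in.txt"], 0x7ffc...) = 0
brk(NULL) = 0x55d0a1000000
arch_prctl(ARCH_SET_FS, 0x7f1b...) = 0
openat(AT_FDCWD, "in.txt", O_RDONLY) = 3
openat(AT_FDCWD, "out.txt", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
[pid  4242] read(3, "hello\\n", 4096) = 6
[pid  4242] write(4, "hello\\n", 6 <unfinished ...>
[pid  4242] <... write resumed>) = 6
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
close(4) = 0
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++
""",
}

# "name(" at line start, optionally prefixed by "[pid N]"; signal and exit
# markers ("--- ...", "+++ ...") never match. Interrupted calls reappear as
# "<... name resumed>", which we also accept.
CALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?([a-z_][a-z0-9_]*)\(")
RESUMED_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?<\.\.\. ([a-z_][a-z0-9_]*) resumed>")

# Assumed subset of the x86_64 syscall table (numbers from the kernel ABI).
X86_64_NR = {
    "read": 0, "write": 1, "open": 2, "close": 3, "fstat": 5, "mmap": 9,
    "mprotect": 10, "munmap": 11, "brk": 12, "rt_sigaction": 13,
    "rt_sigprocmask": 14, "ioctl": 16, "pread64": 17, "access": 21,
    "execve": 59, "exit": 60, "arch_prctl": 158, "set_tid_address": 218,
    "exit_group": 231, "openat": 257, "newfstatat": 262,
    "set_robust_list": 273, "prlimit64": 302, "getrandom": 318, "rseq": 334,
}

BPF_LD_W_ABS = 0x20            # BPF_LD | BPF_W | BPF_ABS
BPF_JEQ_K = 0x15               # BPF_JMP | BPF_JEQ | BPF_K
BPF_RET_K = 0x06               # BPF_RET | BPF_K
AUDIT_ARCH_X86_64 = 0xC000003E
SECCOMP_RET_KILL_PROCESS = 0x80000000
SECCOMP_RET_LOG = 0x7FFC0000
SECCOMP_RET_ALLOW = 0x7FFF0000
OFF_NR, OFF_ARCH = 0, 4        # offsets of nr and arch in struct seccomp_data


def syscalls_in_trace(text):
    """Set of syscall names invoked in one strace-style run."""
    names = set()
    for line in text.splitlines():
        m = CALL_RE.match(line) or RESUMED_RE.match(line)
        if m:
            names.add(m.group(1))
    return names


def required_syscalls(runs):
    """A syscall is required if any run (any execution path) invoked it."""
    return set().union(*(syscalls_in_trace(t) for t in runs.values()))


def build_allowlist(names, table=X86_64_NR, default=SECCOMP_RET_KILL_PROCESS):
    """cBPF program: check arch, then allow exactly `names`, else `default`.
    Each instruction is (code, jt, jf, k); jumps are relative to the next
    instruction. Unknown names raise KeyError rather than being silently dropped."""
    nrs = sorted(table[n] for n in names)
    n = len(nrs)
    if n > 255:
        raise ValueError("jump offset would not fit in a u8; use a tree or ranges")
    prog = [
        (BPF_LD_W_ABS, 0, 0, OFF_ARCH),
        (BPF_JEQ_K, 1, 0, AUDIT_ARCH_X86_64),
        (BPF_RET_K, 0, 0, SECCOMP_RET_KILL_PROCESS),   # foreign ABI: always kill
        (BPF_LD_W_ABS, 0, 0, OFF_NR),
    ]
    for i, nr in enumerate(nrs):
        prog.append((BPF_JEQ_K, n - i, 0, nr))         # hit: jump to final ALLOW
    prog.append((BPF_RET_K, 0, 0, default))            # no match: default action
    prog.append((BPF_RET_K, 0, 0, SECCOMP_RET_ALLOW))
    return prog


def pack(prog):
    """Serialize to an array of struct sock_filter {u16 code; u8 jt, jf; u32 k}."""
    return b"".join(struct.pack("=HBBI", *ins) for ins in prog)


def evaluate(prog, nr, arch=AUDIT_ARCH_X86_64):
    """Tiny interpreter for the three opcodes we emit; returns the SECCOMP_RET_* value."""
    data = {OFF_NR: nr & 0xFFFFFFFF, OFF_ARCH: arch}
    acc, pc = 0, 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        if code == BPF_LD_W_ABS:
            acc, pc = data[k], pc + 1
        elif code == BPF_JEQ_K:
            pc += 1 + (jt if acc == k else jf)
        elif code == BPF_RET_K:
            return k
        else:
            raise ValueError("unsupported opcode %#x" % code)
    raise ValueError("filter fell off the end")


if __name__ == "__main__":
    names = required_syscalls(RUNS)
    prog = build_allowlist(names)
    print("required:", sorted(names))
    print("filter: %d instructions, %d bytes" % (len(prog), len(pack(prog))))
    print("mmap ->", hex(evaluate(prog, X86_64_NR["mmap"])))
```

The packed bytes are exactly what `seccomp(SECCOMP_SET_MODE_FILTER, 0, &fprog)` consumes after `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)`; installing the filter is left out here so the example runs anywhere. Two caveats a practitioner should keep in mind: the allow-list contains only what the fuzzer exercised, so an error path the fuzzer never reached (an `mmap` on a large input, say) is killed in production, which is why a first deployment with `default=SECCOMP_RET_LOG` and a look at the audit log is the safer route to `SECCOMP_RET_KILL_PROCESS`; and if the filter is installed in the parent before `execve`, the loader's own syscalls must be in the set, which tracing from `execve` onward (as above) naturally provides.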
Paper Citation
in Harvard Style
Gelderie M., Barth V., Luff M. and Birami J. (2022). Seccomp Filters from Fuzzing. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 507-512. DOI: 10.5220/0011145100003283
in Bibtex Style
@conference{secrypt22,
author={Marcus Gelderie and Valentin Barth and Maximilian Luff and Julian Birami},
title={Seccomp Filters from Fuzzing},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={507-512},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011145100003283},
isbn={978-989-758-590-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Seccomp Filters from Fuzzing
SN - 978-989-758-590-6
AU - Gelderie M.
AU - Barth V.
AU - Luff M.
AU - Birami J.
PY - 2022
SP - 507
EP - 512
DO - 10.5220/0011145100003283