English

G-Fuzz: A Directed Fuzzing Framework for gVisor

Cryptography and Security 2024-09-23 v1

Abstract

gVisor is a Google-published application-level kernel for containers. As gVisor is lightweight and has sound isolation, it has been widely used in many IT enterprises \cite{Stripe, DigitalOcean, Cloundflare}. When a new vulnerability of the upstream gVisor is found, it is important for the downstream developers to test the corresponding code to maintain the security. To achieve this aim, directed fuzzing is promising. Nevertheless, there are many challenges in applying existing directed fuzzing methods for gVisor. The core reason is that existing directed fuzzers are mainly for general C/C++ applications, while gVisor is an OS kernel written in the Go language. To address the above challenges, we propose G-Fuzz, a directed fuzzing framework for gVisor. There are three core methods in G-Fuzz, including lightweight and fine-grained distance calculation, target related syscall inference and utilization, and exploration and exploitation dynamic switch. Note that the methods of G-Fuzz are general and can be transferred to other OS kernels. We conduct extensive experiments to evaluate the performance of G-Fuzz. Compared to Syzkaller, the state-of-the-art kernel fuzzer, G-Fuzz outperforms it significantly. Furthermore, we have rigorously evaluated the importance for each core method of G-Fuzz. G-Fuzz has been deployed in industry and has detected multiple serious vulnerabilities.

Keywords

Cite

@article{arxiv.2409.13139,
  title  = {G-Fuzz: A Directed Fuzzing Framework for gVisor},
  author = {Yuwei Li and Yuan Chen and Shouling Ji and Xuhong Zhang and Guanglu Yan and Alex X. Liu and Chunming Wu and Zulie Pan and Peng Lin},
  journal= {arXiv preprint arXiv:2409.13139},
  year   = {2024}
}

Comments

This paper has published in IEEE Transactions on Dependable and Secure Computing (TDSC), https://ieeexplore.ieee.org/abstract/document/10049484/citations?tabFilter=papers#citations

R2 v1 2026-06-28T18:50:50.272Z