Patrick-Evans, James; Cavallaro, Lorenzo; Kinder, Johannes; (2017) POTUS: probing off-the-shelf USB drivers with symbolic fault injection. In: WOOT'17: Proceedings of the 11th USENIX Conference on Offensive Technologies. (pp. 1-10). USENIX Association: New York, NY, United States.
Abstract
USB client device drivers are a haven for software bugs, due to the sheer variety of devices and the tendency of maintenance to slip as devices age. At the same time, the high privilege level of drivers makes them a prime target for exploitation. We present the design and implementation of POTUS, a system for automatically finding vulnerabilities in USB device drivers for Linux, which is based on fault injection, concurrency fuzzing, and symbolic execution. Built on the S2E framework, POTUS exercises the driver under test in a complete virtual machine. It includes a generic USB device that can impersonate arbitrary devices and implements a symbolic fault model. With our prototype implementation, we found and confirmed two previously undiscovered zero-days in the mainline Linux kernel. Furthermore, we show that one of these vulnerabilities can lead to a data-only exploit affecting even hardened systems protected with the latest software and hardware defenses.
Type: | Proceedings paper |
---|---|
Title: | POTUS: probing off-the-shelf USB drivers with symbolic fault injection |
Event: | WOOT'17: The 11th USENIX Conference on Offensive Technologies |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.5555/3154768.3154776 |
Publisher version: | https://dl.acm.org/doi/10.5555/3154768.3154776 |
Language: | English |
Additional information: | This version is the author-accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10212291 |