Fuzzing Device Emulation in QEMU

A Boston University project

Virtual devices are the most common site for security bugs in hypervisors. In our evaluation, we found new bugs in devices such as serial and virtio-net, ranging from memory corruptions to denial-of-service vulnerabilities. By combining well-known coverage-guidance techniques with domain-specific feedback, we found promising fuzzer performance, even for complex targets such as hypervisors.

Boston University

Our flagship partnership, Boston University, is the center of two major Red Hat initiatives: the Red Hat Collaboratory at Boston University and the Mass Open Cloud. Both initiatives are dedicated to the idea that marrying research to the open source development methodology, using a partnership between scientists and open source developers, is a uniquely fast and fruitful way of putting great ideas into practice. Boston University is also the center of our Boston intern program, which generates more and more new Red Hatters with each passing year.

News

Red Hat Research brings sustainability to the edge

A data-science-driven sustainability project supported by Red Hat Research was recognized as a FIWARE iHub at the 2023 FIWARE Summit in Vienna, Austria. Based on the SmartaByar smart village in Sweden, the project was a recipient of the Red Hat Collaboratory at Boston University Research Incubation Award in 2022 and 2023. FIWARE describes iHubs as centers for accelerated growth that support companies, cities, and developers in their innovation and digitalization journey by offering easy access to open source technologies, business development support, and community building.

Related Projects

Title | Summary
ChRIS Research Integration Service | ChRIS (ChRIS Research Integration Service) is an infrastructure that initially started as an open source research project at the Boston …
Optimizing Kernel Paths for Performance and Energy | Additional detail to be added
Discovering Opportunities for Optimizing OpenShift Energy Consumption | Abstract: Drawing from our collective experience, we believe a wide array of opportunities for implementing energy optimization exist within OpenShift. However, …
Lock ’n Load: Deadlock Detection in Binary-only Kernel Modules | Additional detail to be added
HySe – Hypervisor Security through Component-Wise Fuzzing | Additional detail to be added
CoFHE: Compiler for Fully Homomorphic Encryption | In today’s data-driven world, our personal data is frequently shared with enterprises and cloud service providers. Unfortunately, data processing in …
Curator | Operator Curator is an air-gapped infrastructure consumption analysis tool for the Red Hat OpenShift Container Platform. The curator retrieves infrastructure …
Improving Cyber Security Operations using Knowledge Graphs | Abstract: The objective of this project is to improve the workflow and performance of security operation centers, including automating several of …
Minimal Mobile Systems via Cloud-based Adaptive Task Processing | The high cost of robots today has hindered their widespread use. Specifically, a limiting factor involves extensive hardware and software …
Co-Ops: Collaborative Open Source and Privacy-Preserving Training for Learning to Drive | Note: This project is a continuation of OSMOSIS: Open-Source Multi-Organizational Collaborative Training for Societal-Scale AI Systems. Abstract: Current development of autonomous …
CoDes: A co-design research lab to advance specialized hardware projects | CoDes research lab provides the infrastructure and engineering foundation needed to support co-design based specialized hardware research. The lab is currently located at Boston University, as part of the Red Hat – Boston University collaboratory.
Prototyping a Distributed, Asynchronous Workflow for Iterative Near-Term Ecological Forecasting | Abstract: The ongoing data revolution has begun to fuel the growth of near-term iterative ecological forecasts: continually-updated predictions about the future …
FHELib: Fully Homomorphic Encryption Hardware Library for Privacy-preserving Computing | Note: Please visit the Privacy-Preserving Cloud Computing using Homomorphic Encryption project page for information on a related project. In today’s …
SECURE-ED: Open-Source Infrastructure for Student Learning Disability Identification and Treatment | The project aims to develop an infrastructure that would enable users to input data about an individual student and receive …
Relational Memory Controller | Note: See the Near-Data Data Transformation project page for information about the work that led to this project. Abstract: Data movement …
Learned Cost-Models for Robust Tuning | Note: Please see the Robust Data Systems Tuning project page for earlier results associated with this research. Abstract: Data systems’ performance is …
AI for Cloud Ops | This project aims to address this gap in effective cloud management and operations with a concerted, systematic approach to building and integrating AI-driven software analytics into production systems. We aim to provide a rich selection of heavily-automated “ops” functionality as well as intuitive, easily-accessible analytics to users, developers, and administrators.
Creating a global open research platform to better understand social sustainability using data from a real-life smart village | A BU team is working with SmartaByar and the Red Hat Social Innovation Program in order to create a global …
DISL: A Dynamic Infrastructure Services Layer for Reconfigurable Hardware | Open programmable hardware offers tremendous opportunities for increased innovation, lower cost, greater flexibility, and customization in systems we can now …
Practical Programming of FPGAs with Open Source Tools | This project has evolved from the Practical programming of FPGAs in the data center and on the edge project. Please see …
Near-Data Data Transformation | BU faculty members Manos Athanassoulis and Renato Mancuso will work with Red Hat researchers Uli Drepper and Ahmed Sanaullah to create a hardware-software co-design paradigm for data systems that implements near-memory processing.
Towards high performance and energy efficiency in open-source stream processing | BU faculty members Vasiliki Kalavri and Jonathan Appavoo will work with Red Hat researcher Sanjay Arora to create an open-source …
OSMOSIS: Open-Source Multi-Organizational Collaborative Training for Societal-Scale AI Systems | The goal of our project is to develop a novel framework and cloud-based implementation for facilitating collaboration among highly heterogeneous research, development, and educational settings.
Privacy-Preserving Cloud Computing using Homomorphic Encryption | Note: Please visit the FHELib: Fully Homomorphic Encryption Hardware Library for Privacy-preserving Computing project page for information on a related …
Serverless Streaming Graph Analytics | In this project, we will focus on graph streams that can be used to model distributed systems, where workers are represented as nodes connected with edges that denote communication or dependencies.
Enabling Intelligent In-Network Computing for Cloud Systems | With the network infrastructure becoming highly programmable, it is time to rethink the role of networks in the cloud computing …
Linux Computational Caching | In this speculative work we are attempting to explore a biologically motivated conjecture on how memory of past computing can be stored and recalled to automatically improve a system’s behavior.
The Open Education Project (OPE) | In this project we are developing an exemplar set of materials for an introductory computer systems class that exploits Jupyter, Jupyter Books, OpenShift and the Mass Open Cloud to develop and deliver a unique educational experience for learning about how computer systems work.
Symbiotes: A New step in Linux’s Evolution | This work explores how a new kind of software entity, a symbiote, might bridge this gap. By adding the ability for application software to shed the boundary that separates it from the OS kernel, it is free to integrate, modify and evolve into a hybrid that is both application and OS.
Intelligent Data Synchronization for Hybrid Clouds | The goal of this project is to design configurable synchronization solutions on a common platform for a wide range of edge computing scenarios relevant to Red Hat. These solutions will be thoroughly validated on a state-of-the-art testbed capable of emulating realistic environments (e.g., smart cities).
Secure cross-site analytics on OpenShift logs | The project aims to explore whether cryptographically secure Multi-Party Computation, or MPC for short, can be used to perform secure cross-site analytics on OpenShift logs with minimum client participation.
Robust Data Systems Tuning | Note: Please see the Learned Cost-Models for Robust Tuning project page for research that has grown from this project. See …
Robust LSM-Trees Under Workload Uncertainty | We introduce a new robust tuning paradigm to aid in the design of data systems with uncertain assumptions by modeling the behavior of the system and then utilizing these models in conjunction with techniques in robust optimization. Our approach is demonstrated through tuning a popular log-structured merge-tree based storage engine, RocksDB.
Does efficient, private, agnostic learning imply efficient, agnostic online learning? | Users of online services today must trust platforms with their personal data. Platforms can choose to enable privacy by default …
Are Adversarial Attacks a Viable Solution to Individual Privacy? | Users of online services today must trust platforms with their personal data. Platforms can choose to enable privacy by default …
Hybrid Cloud Caching | A fundamental goal of the Hybrid Cloud Cache project is to allow simplified integration into existing data lakes, to enable caching to be transparently introduced into hybrid cloud computation, to support efficient caching of objects widely shared across clusters deployed by different organizations, and to avoid the complexity of managing a separate caching service on top of the data lake.
Volume Storage Over Object Storage | This project creates a hybrid storage system composed of a high-speed local device (e.g., Optane) to store short term data, along with a write-once object store (e.g., Ceph RGW) to store data blocks permanently.
OpenInfra Labs | OpenInfra Labs is an OpenStack Foundation project connecting open source projects to production to advance open source infrastructure. The project …
Elastic Secure Infrastructure | This project encompasses work in several areas to design, build and evaluate secure bare-metal elastic infrastructure for data centers.
Open Cloud Testbed | The Open Cloud Testbed project will build and support a testbed for research and experimentation into new cloud platforms – the underlying software which provides cloud services to applications. Testbeds such as OCT are critical for enabling research into new cloud technologies – research that requires experiments which potentially change the operation of the cloud itself.
Kernel Techniques to Optimize Memory Bandwidth with Predictable Latency | Recent processors have started introducing the first mechanism to monitor and control memory bandwidth. Can we use these mechanisms to enable machines to be fully used while ensuring that primary workloads have deterministic performance? This project presents early results from using Intel’s Resource Director Technology and some insight into this new hardware support. The project also examines an algorithm using these tools to provide deterministic performance on different workloads.
Unikernel Linux | This project aims to turn the Linux kernel into a unikernel that 1) is easily compiled for any application, 2) uses battle-tested, production Linux and glibc code, 3) allows the entire upstream Linux developer community to maintain and develop the code, and 4) lets applications that normally run on vanilla Linux benefit from unikernel performance and security advantages.
Fuzzing Device Emulation in QEMU | Hypervisors—the software that allows a computer to simulate multiple virtual computers—form the backbone of cloud computing. Because they are both ubiquitous and essential, they are security-critical applications that make attractive targets for potential attackers.
Automatic Configuration of Complex Hardware | In this project, we pursue three goals towards this understanding: 1) identify, via a set of microbenchmarks, application characteristics that will illuminate mappings between hardware register values and their corresponding microbenchmark performance impact, 2) use these mappings to frame NIC configuration as a set of learning problems such that an automated system can recommend hardware settings corresponding to each network application, and 3) introduce either new dynamic or application instrumented policy into the device driver in order to better attune dynamic hardware configuration to application runtime behavior.
Quest-V, a Partitioning Hypervisor for Latency-Sensitive Workloads | Quest-V is a separation kernel that partitions services of different criticality levels across separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention from a hypervisor. In Quest-V, a hypervisor is only needed to bootstrap the system, recover from certain faults, and establish communication channels between sandboxes.
Performance Management for Serverless Computing | Serverless computing provides developers the freedom to build and deploy applications without worrying about infrastructure. Resources (memory, CPU, location) specified …