Fuzzing Device Emulation in QEMU

A Boston University project

Virtual devices are the most common site for security bugs in hypervisors. In our evaluation, we found new bugs in devices such as serial and virtio-net, ranging from memory corruptions to denial-of-service vulnerabilities. By combining well known coverage guidance techniques with domain-specific feedback, we found promising fuzzer performance, even for complex targets such as hypervisors.

Boston University

Our flagship partnership, Boston University is the center of two major Red Hat initiatives: The Red Hat Collaboratory at Boston University, and the Mass Open Cloud. Both initiatives are dedicated to the idea that marrying research to the open source development methodology, using a partnership between scientists and open source developers, is a uniquely fast and fruitful way of putting great ideas into practice. Boston University is also the center of our Boston intern program, which generates more and more new Red Hatters with each passing year.

News

Related Projects

TitleSummaryResearch Area
Workflow-Centric Tracing for Cloud ApplicationsWorkflow-centric tracing allows traces (i.e., graphs) of requests’ workflows to be constructed by stitching together trace points with the same request context. Three collaboratory projects focus on improving the observability and diagnosability of Red Hat products using this technique.
Hybrid Cloud CachingA fundamental goal of the Hybrid Cloud Cache project is to allow simplified integration into existing data lakes, to enable caching to be transparently introduced into hybrid cloud computation, to support efficient caching of objects widely shared across clusters deployed by different organizations, and to avoid the complexity of managing …
Volume Storage Over Object StorageThis project creates a hybrid storage system composed of a high-speed local device (e.g. Optane) to store short term data, along with a write-once object store (e.g, Ceph RGW) to store data blocks permanently.
Kariz Cache Prefetching and ManagementKariz is a caching system that works closely with analytic frameworks scheduler to find the best caching policy for the current running application.
PACT: Private Automated Contact Tracing
OpenInfra LabsOpenInfra Labs is an OpenStack Foundation project connecting open source projects to production to advance …, , , ,
Elastic Secure InfrastructureThis project encompasses work in several areas to design, build and evaluate secure bare-metal elastic infrastructure for data centers., ,
Open Cloud TestbedThe Open Cloud Testbed project will build and support a testbed for research and experimentation into new cloud platforms – the underlying software which provides cloud services to applications. Testbeds such as OCT are critical for enabling research into new cloud technologies – research that requires experiments which potentially change …, , , ,
Implementing Secure Multi-Party ComputingSecure Multiparty Computation (MPC) is a cryptographic primitive that allows several parties to jointly and privately compute desired functions over secret data. Building and deploying practical MPC applications faces several obstacles, including performance overhead, complicated deployment and setup procedures, and adoption of MPC protocols into modern software stacks. MPC applications …,
Outfitting QEMU/KVM with Partitioning Hypervisor FunctionalityThis project extends the virtualization capabilities of QEMU and KVM by adding partitioning hypervisor functionality. With this implementation, hardware resources can be exclusively assigned to specific tasks and VMs. Current work supports KVM Isolation IOCTLs to query CPUs to find isolated CPUs.
An Optimizing Operating System: Accelerating Execution With SpeculationTo optimize performance, Automatically Scalable Computation (ASC), a Harvard/BU collaboration attempts to auto-parallelize single threaded workloads, reducing any new effort required from programmers to achieve wall clock speedup. SEUSS takes a different approach by splicing a custom operating system into the backend of a high throughput distributed serverless platform, Apache …,
Kernel Techniques to Optimize Memory Bandwidth with Predictable LatencyRecent processors have started introducing the first mechanism to monitor and control memory bandwidth. Can we use these mechanisms to enable machines to be fully used while ensuring that primary workloads have deterministic performance? This project presents early results from using Intel’s Resource Director Technology and some insight into this …
Unikernel LinuxThis project aims to turn the Linux kernel into a unikernel with the following characteristics: 1) are easily compiled for any application, 2) use battle-tested, production Linux and glibc code, 3) allow the entire upstream Linux developer community to maintain and develop the code, and 4) provide applications normally running …
Code2Vec: Learning code representationsThis project analyzed semantic similarities of learned code embeddings parsed from open source python libraries such as numpy, pandas and sklearn. Still in progress is another analysis that learns code embeddings in a supervised manner with the C++ codebase for performance measurement of program execution in CPU with performance counters …
Fuzzing Device Emulation in QEMUHypervisors—the software that allows a computer to simulate multiple virtual computers—form the backbone of cloud computing. Because they are both ubiquitous and essential, they are security-critical applications that make attractive targets for potential attackers., ,
D3N: A Multi-Layer Cache for Data CentersThis project designs and develops D3N, a novel multi-layer cooperative caching architecture that mitigates network imbalances by caching data on the access side of each layer of hierarchical network topology. A prototype implementation, which incorporates a two-layer cache, is highly-performant (can read cached data at 5GB/s, the maximum speed of …
FPGAs in Large-Scale Computer SystemsWe will highlight many ways to deploy FPGAs in a data center node, such as traditional back-end accelerators, tightly coupled off-load processors, Smart NICs, Bump-in-the-Wire, MPC accelerators and even FPGAs in the router itself. We will also discuss our efforts to make these devices accessible globally accessible, through deeper integration …, ,
Automatic Configuration of Complex HardwareIn this project, we pursue three goals towards this understanding: 1) identify, via a set of microbenchmarks, application characteristics that will illuminate mappings between hardware register values and their corresponding microbenchmark performance impact, 2) use these mappings to frame NIC configuration as a set of learning problems such that an …
Quest-V, a Partitioning Hypervisor for Latency-Sensitive WorkloadsQuest-V is a separation kernel that partitions services of different criticality levels across separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention from a hypervisor. In Quest-V, a hypervisor is only needed to bootstrap the system, recover from certain …
Performance Management for Serverless ComputingServerless computing provides developers the freedom to build and deploy applications without worrying about infrastructure. …