SyzRetrospector: A Large-Scale Retrospective Study of Syzbot
arxiv.org/pdf/2401.11642…
by Zhiyun Qian Ardalan Amiri Sani
Lots of great detailed data and insights on kernel fuzzing bugs found by syzbot

SyzRetrospector: A Large-Scale Retrospective Study of Syzbot

Joseph Bursey, Ardalan Amiri Sani Ardalan Amiri Sani, and Zhiyun Qian Zhiyun Qian published an article analyzing how changes in the Linux kernel and syzkaller influence the ability of syzbot to find bugs
arxiv.org/pdf/2401.11642…

We share the same observation. This is precisely what motivated our OOPSLA paper which showed, instead of being standalone, LLMs can be very helpful in enhancing traditional program analysis for bug finding (including previously unknown ones).

The latest generation LLMs are very good, but they cannot work all by themselves to replace program analysis. I believe it is a promising direction to understand how LLMs can complement program analysis (in selective settings). This study is really only scratching the surface.

A lot of people are skeptical about how useful LLMs are in bug finding, but our latest work accepted by OOPSLA improves static analysis with LLMs to detect UBI bugs in practice. We've uncovered some new bugs in the Linux kernel! #LLift #BugDetection #LLM #StaticAnalysis #Linux

Zhengchuan is presenting his work on automating the generation of kernel infoleaks. This is part of a bigger effort to automate the triage and exploitability analysis of kernel vulnerabilities. Interestingly, the talk is scheduled as the last talk in the 'ML security' session.

I’ll present my recent kernel exploitation paper at NDSS. Looking forward to see you all in Feb 28!

In this paper, we propose a graph-based framework to facilitate the generations of information leak exploits for the Linux kernel.

ndss-symposium.org/ndss-paper/k-l…

Ever wondered whether fuzzer-generated PoCs that work for Linux upstream can actually be reproduced (with or w/o root) in real-world Linux distributions, e.g., Ubuntu? Check out our paper. Bonus: open sourced solution to automatically answer the question given a PoC.

I’ll be presenting my recent exploit assessment paper at NDSS, looking forward to see you all.

In this paper, we investigate the problem of why upstream PoCs can’t trigger bugs on downstream and how to adapt the PoC accordingly.

ndss-symposium.org/wp-content/upl…

We’re hiring interns! jobs.careers.microsoft.com/global/en/job/…

As a security professional, this looks like a bad argument. Not sure if the people who made this decision have heard of 'less is more' when it comes to security, or consulted their security team (assuming there is one).

What an achievement, Dr. Zhai! Great job on the challenging journey of static analysis! Can't wait to see what you will do next.