Fuzzing is an efficient technique for finding bugs and vulnerabilities in software. Today's BSD-based operating systems make it easy to use such techniques to test kernel code. This talk is designed to be a starting point for anyone who would like to begin fuzzing their BSD kernel, and to provide all the information needed to do so.
The kernel is a central part of most modern operating systems. It is the place where hardware meets software, and it controls the main subsystems, such as the networking stack (and other communication stacks), file systems, security and many others. Because of this, the security of the overall system relies on the safety of the kernel. One of the well-proven techniques for testing software security is fuzzing. Over the last couple of years, researchers have found a long list of vulnerabilities in many popular open source projects thanks to the efficiency of this technique. Kernel fuzzing has always been more complicated than fuzzing userspace programs. Nevertheless, the situation is constantly improving, and today's entry barrier is much lower than it used to be, thanks to the improvements made in recent years. Over the last couple of years, NetBSD has become strong in the BSD world with new security features such as sanitizers and fuzzers. Thanks to the work of the community, it has grown into an attractive target for people interested in operating systems and security. Fuzzing can also be a very beneficial technique for kernel and driver developers who want to improve or test the security of their code.
Speakers: Maciej Grochowski