ReFuzz — Structure Aware Fuzzing of the Resilient File System (ReFS)

Groß T, Schleier T, Müller T (2022)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2022

Conference Proceedings Title: Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIA CCS '22)

Event location: Nagasaki JP

DOI: 10.1145/3488932.3523260

Abstract

The Resilient File System (ReFS) from Microsoft promises new features such as increased performance and resilience compared to the New Technology File System (NTFS). On the downside, the ReFS drivers are growing more extensive and more complex, increasing the attack surface of the Windows kernel. Attackers can often use security-critical bugs in file system drivers to escalate privileges by mounting a file system. In this work, we present ReFuzz, a structure-aware fuzzer that uses hardware-assisted code coverage to identify bugs in the ReFS driver. ReFS poses several challenges to fuzzing. First, while ReFS is not documented, it uses checksums exhaustively. Second, the minimum size of a ReFS partition is 2 GB, notably decreasing the performance of naive fuzzing approaches.


We demonstrate the effectiveness of our fuzzing approach by finding 27 unique payloads that panic the Windows kernel when mounting or accessing ReFS partitions. Furthermore, we find 162 unique payloads that lead to a system hang-up. Microsoft confirmed those bugs and acknowledged ten unique issues which are security-critical, eight of them allowing remote code execution attacks, and they were assigned a CVE number.

How to cite

APA:

Groß, T., Schleier, T., & Müller, T. (2022). ReFuzz — Structure Aware Fuzzing of the Resilient File System (ReFS). In Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIA CCS '22). Nagasaki, JP.

MLA:

Groß, Tobias, Tobias Schleier, and Tilo Müller. "ReFuzz — Structure Aware Fuzzing of the Resilient File System (ReFS)." Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIA CCS '22), Nagasaki 2022.