International Business Machines Corporation (20240104221). AUTOMATED TESTING OF OPERATING SYSTEM (OS) KERNEL HELPER FUNCTIONS ACCESSIBLE THROUGH EXTENDED BPF (eBPF) FILTERS simplified abstract

From WikiPatents

AUTOMATED TESTING OF OPERATING SYSTEM (OS) KERNEL HELPER FUNCTIONS ACCESSIBLE THROUGH EXTENDED BPF (eBPF) FILTERS

Organization Name

International Business Machines Corporation

Inventor(s)

Anthony Saieva of New York NY (US)

Frederico Araujo of Mahopac NY (US)

Sanjeev Das of White Plains NY (US)

Michael Vu Le of Danbury CT (US)

Jiyong Jang of Chappaqua NY (US)

AUTOMATED TESTING OF OPERATING SYSTEM (OS) KERNEL HELPER FUNCTIONS ACCESSIBLE THROUGH EXTENDED BPF (eBPF) FILTERS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240104221 titled 'AUTOMATED TESTING OF OPERATING SYSTEM (OS) KERNEL HELPER FUNCTIONS ACCESSIBLE THROUGH EXTENDED BPF (eBPF) FILTERS'

Simplified Explanation

The abstract describes a method to test an OS kernel interface, such as an eBPF helper function, using eBPF code and a fuzzing engine. Additional user space code is configured to generate a kernel event that triggers the eBPF code to run, and to transform inputs from the fuzzing engine according to the grammar that defines the kernel interface. The eBPF code is loaded into the OS kernel, and as the fuzzing engine executes, the eBPF code records the arguments sent to the OS kernel through the interface. The security of the kernel interface is evaluated from the recorded arguments and other diagnostic information.

  • Method to test an OS kernel interface using eBPF code and a fuzzing engine
  • Additional user space code configured to generate a kernel event triggering the eBPF code
  • Transformation of inputs from the fuzzing engine according to the interface grammar
  • Recording of arguments sent to the OS kernel through the interface by the eBPF code
  • Evaluation of the security of the kernel interface based on recorded arguments and diagnostic information

Potential Applications

The technology can be applied in testing and evaluating the security of OS kernel interfaces, ensuring they function correctly and securely.

Problems Solved

This technology addresses the challenge of testing complex OS kernel interfaces, providing a method to evaluate their security and functionality effectively.

Benefits

The method offers a systematic approach to testing OS kernel interfaces, enhancing their security and reliability in operation.

Potential Commercial Applications

The technology can be valuable for companies developing software that interacts with OS kernel interfaces, ensuring the security and reliability of their products.

Possible Prior Art

Prior art may include methods for testing software interfaces and fuzz testing techniques in software development.

Unanswered Questions

How does this method compare to traditional testing approaches for OS kernel interfaces?

The article does not provide a direct comparison to traditional testing methods for OS kernel interfaces.

What are the limitations of using eBPF code and a fuzzing engine for testing kernel interfaces?

The article does not discuss potential limitations or challenges of using eBPF code and a fuzzing engine for testing OS kernel interfaces.


Original Abstract Submitted

A method to test an OS kernel interface, such as an eBPF helper function. The interface has a grammar that defines the kernel interface. Testing is carried out using eBPF code that invokes and tests the interface using a fuzzing engine. To facilitate the process, additional user space code is configured to generate at least one kernel event that triggers the eBPF code to run, and to transform inputs from the fuzzing engine according to the grammar that defines the kernel interface. After loading the eBPF code into the OS kernel, the user space code issues the kernel event that causes the eBPF code to run. In response, and as the fuzzing engine executes, the eBPF code records arguments sent to the OS kernel through the kernel interface. The arguments are passed through a data structure shared by the eBPF code and the user space code. By recording the arguments and other diagnostic information, the security of the kernel interface is evaluated.