In this paper, we first give a short introduction to the security situation of virtualization technology, and then analyze the implementation challenges of the CPU virtualization component of a hybrid system virtual machine that supports running a guest machine using the IA-32 instruction set. Based on a formal definition of the CPU's execution state, we propose a fuzzing test case generation technique for both the operands and operators of instructions, which can be applied to fuzz testing the virtual machine monitor (VMM) of a hybrid system virtual machine.