Fuzz testing in AWS Firecracker hypervisor

摘要

Virtualization technologies employed by the cloud providers allow scalable and fast deployment of computation resources at a small cost. Being a core component in the cloud configuration, the hypervisor becomes the target of outside attacks that try to disrupt the normal operation of other users’ systems or to gain control over the cloud infrastructure. Therefore, an effective and reliable method of discovering security vulnerabilities inside the hypervisors is needed.We created a testing environment that employs fuzzing to detect possible vulnerabilities inside the Firecracker hypervisor. We present a complete fuzzing toolchain that can be integrated into the Firecracker development cycle to discover and report bugs that can be missed by other testing methods. Our solution was internally tested by the Amazon Web Services team with promising results.