{"id":"https://openalex.org/W4388624559","doi":"https://doi.org/10.1109/tdsc.2023.3330852","title":"KextFuzz: A Practical Fuzzer for macOS Kernel EXTensions on Apple Silicon","display_name":"KextFuzz: A Practical Fuzzer for macOS Kernel EXTensions on Apple Silicon","publication_year":2023,"publication_date":"2023-11-13","ids":{"openalex":"https://openalex.org/W4388624559","doi":"https://doi.org/10.1109/tdsc.2023.3330852"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2023.3330852","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/tdsc.2023.3330852","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101752838","display_name":"Tingting Yin","orcid":"https://orcid.org/0000-0003-1231-4050"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Tingting Yin","raw_affiliation_strings":["Zhongguancun Laboratory, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039055846","display_name":"Zicong Gao","orcid":"https://orcid.org/0000-0003-2789-1731"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zicong Gao","raw_affiliation_strings":["School of Cyber Science and Engineering, Information Engineering University, Zhengzhou, Henan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Information Engineering University, Zhengzhou, Henan, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014689578","display_name":"Zhenghang Xiao","orcid":"https://orcid.org/0009-0007-1209-6555"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenghang Xiao","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051740371","display_name":"Zheyu Ma","orcid":"https://orcid.org/0000-0002-0710-326X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zheyu Ma","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114973725","display_name":"Min Zheng","orcid":"https://orcid.org/0000-0003-3731-2756"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Min Zheng","raw_affiliation_strings":["Ant Group, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"Ant Group, Hangzhou, Zhejiang, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100460096","display_name":"Chao Zhang","orcid":"https://orcid.org/0000-0001-7894-8828"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Zhang","raw_affiliation_strings":["Zhongguancun Laboratory, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101752838"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":0.174,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.5823604,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"21","issue":"4","first_page":"3453","last_page":"3468"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9710000157356262,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.8776506185531616},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8315303325653076},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.5685243606567383},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5367210507392883},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.47135797142982483},{"id":"https://openalex.org/keywords/sparql","display_name":"SPARQL","score":0.4130093455314636},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.39288628101348877},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.18821540474891663},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.177950918674469},{"id":"https://openalex.org/keywords/rdf","display_name":"RDF","score":0.15600842237472534},{"id":"https://openalex.org/keywords/semantic-web","display_name":"Semantic Web","score":0.09564068913459778}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.8776506185531616},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8315303325653076},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.5685243606567383},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5367210507392883},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.47135797142982483},{"id":"https://openalex.org/C41009113","wikidata":"https://www.wikidata.org/wiki/Q54871","display_name":"SPARQL","level":4,"score":0.4130093455314636},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.39288628101348877},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.18821540474891663},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.177950918674469},{"id":"https://openalex.org/C147497476","wikidata":"https://www.wikidata.org/wiki/Q54872","display_name":"RDF","level":3,"score":0.15600842237472534},{"id":"https://openalex.org/C2129575","wikidata":"https://www.wikidata.org/wiki/Q54837","display_name":"Semantic Web","level":2,"score":0.09564068913459778},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2023.3330852","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/tdsc.2023.3330852","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5600000023841858}],"awards":[{"id":"https://openalex.org/G5777954143","display_name":null,"funder_award_id":"61972224","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7422924211","display_name":null,"funder_award_id":"BNR2022RC01006","funder_id":"https://openalex.org/F4320329777","funder_display_name":"Beijing National Research Center For Information Science And Technology"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320329777","display_name":"Beijing National Research Center For Information Science And Technology","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W2766647240","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4210660460","https://openalex.org/W3203597304","https://openalex.org/W4248424560","https://openalex.org/W3119380829","https://openalex.org/W2521811015"],"abstract_inverted_index":{"macOS":[0,29,71,106,173],"drivers,":[1],"i.e.,":[2],"Kernel":[3],"EXTensions":[4],"(kexts),":[5],"are":[6,23],"attractive":[7],"attack":[8],"targets":[9],"for":[10,133,148],"adversaries.":[11],"However,":[12],"automatically":[13],"discovering":[14],"vulnerabilities":[15],"in":[16,68,171],"kexts":[17,22,72,174],"is":[18,99],"extremely":[19],"challenging":[20],"because":[21],"mostly":[24],"closed-source,":[25],"and":[26,43,97,101,116,131,154,160,175],"the":[27,51,59,69,146,152,172],"latest":[28,52,70],"running":[30,73,186],"on":[31,74],"customized":[32],"Apple":[33,75],"Silicon":[34],"has":[35,107,165],"limited":[36],"tool-chain":[37],"support.":[38],"Most":[39],"existing":[40,78],"static":[41],"analysis":[42],"dynamic":[44],"testing":[45],"solutions":[46],"cannot":[47],"be":[48],"applied":[49],"to":[50,65,121,135,144],"macOS.":[53],"In":[54],"this":[55],"paper,":[56],"we":[57],"present":[58],"first":[60],"end-to-end":[61],"fuzzing":[62,80],"solution":[63],"KextFuzz":[64,82,139,164],"detect":[66],"bugs":[67,170,180],"Silicon.":[76],"Unlike":[77],"driver":[79],"solutions,":[81],"does":[83],"not":[84],"require":[85],"source":[86],"code,":[87],"execution":[88],"traces,":[89],"hypervisors,":[90],"or":[91],"hardware":[92],"features":[93],"(e.g.,":[94],"coverage":[95,149],"tracing)":[96],"thus":[98],"universal":[100],"practical.":[102],"We":[103],"note":[104],"that":[105],"deployed":[108],"many":[109],"mitigations,":[110],"including":[111],"pointer":[112],"authentication,":[113],"code":[114,188],"signature,":[115],"userspace":[117],"kernel":[118,137,169,190],"layer":[119],"wrappers,":[120],"thwart":[122],"potential":[123],"attacks.":[124],"These":[125],"mitigations":[126],"can":[127],"provide":[128],"extra":[129],"knowledge":[130],"resources":[132],"us":[134],"enable":[136],"fuzzing.":[138],"exploits":[140],"these":[141],"mitigation":[142],"schemes":[143],"instrument":[145],"binary":[147],"tracking,":[150],"infer":[151],"type":[153],"semantic":[155],"information":[156],"of":[157],"kext":[158],"interfaces,":[159],"generate":[161],"multi-dimension":[162],"inputs.":[163],"found":[166],"49":[167],"unique":[168],"got":[176],"five":[177],"CVEs.":[178],"Some":[179],"could":[181],"cause":[182],"severe":[183],"consequences":[184],"like":[185],"arbitrary":[187],"with":[189],"privilege.":[191]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}