Hi,
I'm currently a Ph.D. student of the University of Georgia. My area of interest is virtualization and security.
The security vulnerabilities of the virtual devices of QEMU are usually hard to find because generating specific inputs that can trigger the vulnerabilities for a vulnerable virtual device are not easy in given the device is running in the whole QEMU environment, and also some of the vulnerabilities can lead to undefined behavior instead of crashing the execution of the virtual device and QEMU, which makes them harder to detect.
The idea of extracting virtual device implementation comes from the observation that dynamic analysis and symbolic execution techniques brings a lot of advantages to software testing and debugging, especially in locating vulnerabilities, but with the large code base of QEMU, it is not easy to apply these techniques when testing some specific code implementation or performing regression tests.
The purpose of the project is to implement an interface that can extract the implementation of the virtual devices and make them executable outside of the QEMU environment, which will benefit later testing and making the test of the virtual devices more flexible and more thoroughly.
Thanks,
Guodong Zhu