Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices
Zheyu Ma
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Fuzzing 1
In the rapidly expanding landscape of cloud computing, hypervisors serve as the foundational layer, orchestrating virtual machines and ensuring the efficient, isolated, and secure sharing of hardware resources. Major cloud providers like AWS and Azure fundamentally rely on these hypervisors. However, their critical role also makes them a prime target for sophisticated attackers, and vulnerabilities in virtual devices pose a significant threat of virtual machine (VM) escapes.
AI review
Solid academic systems security research with a genuinely clever core insight: driver code is the behavioral specification for the virtual device, so mine it instead of manually writing grammars. The results — 54 new bugs, 6 CVEs across QEMU, VirtualBox, VMware, and Parallels — validate the approach against real targets. Not a paradigm-shattering paper, but the kind of careful, well-scoped work that actually advances the field.