|IEEE Security and Privacy 2019 selected the Razzer paper from the research team of Prof. Insik Shin|
Professor Insik Shin's lab developed a technique that automatically analyzes OS kernel vulnerability due to race condition. It will be published in one of the top-tier security conferences, the 40th IEEE Symposium on Security and Privacy.
This research, which is a joint research with Purdue university and Seoul National University, proposes a technology that analyzes race conditions very efficiently by controlling the execution time of CPU instructions. They developed a tool called Razzer, a competitive condition analysis tool by leveraging the proposed technology.
Razzer not only found 30 new vulnerabilities in Linux, which is a widely used Android kernel, but also contributed to the stability of Linux and Android as they quickly eliminated 15 vulnerabilites by collaborating with Linux kernel developers. This paper will be presented at IEEE S&P in San Francisco this May.