BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:Testing the Hypervisor Boundary: Semantic Oracles and Adversarial 
 Input Generation for pKVM
DTSTART:20260622T130000
DTEND:20260622T150000
DTSTAMP:20260526T170125Z
UID:853d3db2ed722ab286e82d647f18d65d276dac371186a76b1af7f10c
CATEGORIES:Conferences - Seminars
DESCRIPTION:Sofiia Saltovskaia\nEDIC candidacy exam\nExam president: Prof.
  Katerina Argyraki\nThesis advisor: Prof. Mathias Payer\nCo-examiner: Prof
 . Thomas Bourgeat\n\nAbstract\nHypervisors underpin modern confidential co
 mputing stacks\, yet their exposed interfaces - hypercalls\, fault handler
 s\, and device interactions - remain a large and under-tested attack surfa
 ce. Existing approaches fall short: coverage-driven fuzzers (e.g.\, HYPERP
 ILL) explore broadly but rely on crash oracles\, missing non-crashing vuln
 erabilities\, while specification-based systems (e.g.\, Ghost) detect sema
 ntic violations but constrain input generation and under-explore adversari
 al cases.\n\nThis thesis focuses on systematic bug finding in pKVM by comb
 ining semantic oracles with coverage-guided\, adversarial fuzzing. Executa
 ble interface specifications are used to flag behavioral inconsistencies\,
  while mutation-based input generation deliberately produces both valid an
 d model-violating inputs to reach boundary conditions and deep execution p
 aths. The approach further incorporates EL2 coverage feedback and concurre
 nt vCPU sequences to expose bugs such as silent state corruption\, ownersh
 ip violations\, and TOCTOU races.\n\nThe goal is to uncover security-criti
 cal vulnerabilities that evade both crash-based fuzzing and model-constrai
 ned testing\, particularly in unspecified or adversarial input classes. Mo
 re broadly\, the work aims to establish a practical methodology for bug-dr
 iven testing of production hypervisors.\n\nSelected papers\ncoming soon
LOCATION:BC 133 https://plan.epfl.ch/?room==BC%20133
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR
