Testing the Hypervisor Boundary: Semantic Oracles and Adversarial Input Generation for pKVM
Event details
| Date | 22.06.2026 |
| Hour | 13:00 › 15:00 |
| Speaker | Sofiia Saltovskaia |
| Location | |
| Category | Conferences - Seminars |
EDIC candidacy exam
Exam president: Prof. Katerina Argyraki
Thesis advisor: Prof. Mathias Payer
Co-examiner: Prof. Thomas Bourgeat
Abstract
Hypervisors underpin modern confidential computing stacks, yet their exposed interfaces - hypercalls, fault handlers, and device interactions - remain a large and under-tested attack surface. Existing approaches fall short: coverage-driven fuzzers (e.g., HYPERPILL) explore broadly but rely on crash oracles, missing non-crashing vulnerabilities, while specification-based systems (e.g., Ghost) detect semantic violations but constrain input generation and under explore adversarial cases.
This thesis focuses on systematic bug finding in pKVM by combining semantic oracles with coverage-guided, adversarial fuzzing. Executable interface specifications are used to flag behavioral inconsistencies, while mutation-based input generation deliberately produces both valid and model-violating inputs to reach boundary conditions and deep execution paths. The approach further incorporates EL2 coverage feedback and concurrent vCPU sequences to expose bugs such as silent state corruption, ownership violations, and TOCTOU races.
The goal is to uncover security-critical vulnerabilities that evade both crash-based fuzzing and model-constrained testing, particularly in unspecified or adversarial input classes. More broadly, the work aims to establish a practical methodology for bug-driven testing of production hypervisors.
Selected papers
coming soon
Exam president: Prof. Katerina Argyraki
Thesis advisor: Prof. Mathias Payer
Co-examiner: Prof. Thomas Bourgeat
Abstract
Hypervisors underpin modern confidential computing stacks, yet their exposed interfaces - hypercalls, fault handlers, and device interactions - remain a large and under-tested attack surface. Existing approaches fall short: coverage-driven fuzzers (e.g., HYPERPILL) explore broadly but rely on crash oracles, missing non-crashing vulnerabilities, while specification-based systems (e.g., Ghost) detect semantic violations but constrain input generation and under explore adversarial cases.
This thesis focuses on systematic bug finding in pKVM by combining semantic oracles with coverage-guided, adversarial fuzzing. Executable interface specifications are used to flag behavioral inconsistencies, while mutation-based input generation deliberately produces both valid and model-violating inputs to reach boundary conditions and deep execution paths. The approach further incorporates EL2 coverage feedback and concurrent vCPU sequences to expose bugs such as silent state corruption, ownership violations, and TOCTOU races.
The goal is to uncover security-critical vulnerabilities that evade both crash-based fuzzing and model-constrained testing, particularly in unspecified or adversarial input classes. More broadly, the work aims to establish a practical methodology for bug-driven testing of production hypervisors.
Selected papers
coming soon
Practical information
- General public
- Free