Workshop: First International Workshop on Cyber Security in High Performance Computing (S-HPC 2022)
Authors: Vincent Weaver (University of Maine)
Abstract: All modern computer systems, including supercomputers, are vulnerable to a wide variety of security exploits. Performance analysis tools are an often overlooked source of vulnerabilities. Performance measurement interfaces can have security issues that lead to information leakage, denial of service attacks, and possibly even full system compromise. Desktop systems can mitigate risk by disabling performance interfaces, but that is not always possible on HPC systems where performance (and thus measurement) is paramount. We investigate various ways of finding security issues in the performance measurement stack. We introduce the perf_fuzzer, a tool that methodically finds bugs in the Linux perf_event_open() system call. We also discuss the perf data fuzzer which looks for userspace bugs in the perf analysis tool. We describe the development of the fuzzing tools, examine the bugs found, and discuss ways to prevent such bugs from occurring in the future.