Student Spotlight: Alexander Bulekov (CE PhD ‘24)
Bulekov’s work catches software bugs before they make it into major releases; receives USENIX Security Distinguished Paper Award
Millions around the world had their Windows systems unexpectedly stop working in July 2024. One of the largest IT outages in history, costing U.S. Fortune 500 companies $5.4 billion, was caused by a faulty software update from CrowdStrike, one of Microsoft’s security vendors.
HyperPill, a new fuzzing technique developed by a team spearheaded by researchers from Boston University’s Security Lab (SeclaBU) was developed with the goal of preventing bugs like the one from CrowdStrike. Fuzzing allows a system to be tested before it is released to the public to check for bugs or other issues. HyperPill targets so-called hypervisors which are the foundation of all cloud computing installations.
The paper explaining this research from lead-author Alexander Bulekov (CE PhD ‘24), Professor Manuel Egele (ENG), and researchers from École Polytechnique Fédérale de Lausanne won the Distinguished Paper award at the USENIX Security Symposium, where SeclaBU had five papers published. As a top security venue, 2,276 papers were submitted to USENIX, but only 417 were accepted.
In a recent interview with the Hariri Institute, Bulekov explained his research and described what separates HyperPill from other fuzzing techniques.
“We’ve run it continuously so we can catch bugs before they make it into major releases, which happen every couple months.” Bulekov explained. “As soon as we get that report, HyperPill can track a bug that could have potentially been exploited by somebody, but it never was, because it never made it into release.”
HyperPill uses an emulation-based approach that allows it to test various hypervisors like KVM, Hyper-V, and macOS. It can run on full system snapshots, meaning it can take a “picture” of a hypervisor at any given moment to check for bugs, without forcing the system to shut down, and it can do this continuously. This enables rapid testing and identification of issues such as denial of service (DoS) attacks and memory corruptions. The tool is valuable for enhancing the security of cloud services and other hypervisor-based systems.
The research team has also open-sourced HyperPill. By making it open-source, HyperPill can be more widely adopted and used by researchers, IT teams, and cloud providers. This increased usage could lead to the discovery of more bugs and vulnerabilities in hypervisors across different cloud platforms, making hypervisors more secure.
While studying at Boston University, Bulekov interned at Red Hat and extremely enjoyed his time there, praising the partnership between academia and industry that most other companies and universities do not experience.
“My experience with Red Hat was nothing short of amazing.” Bulekov said. “What I really liked about being able to intern at Red Hat was that I could focus on my research. One big problem in academia is that we work separately from industry, whereas with Red Hat I had access to engineers who could guide me on how to make code look neater, for example, and I thought that was a very valuable experience in the sense that it wasn’t just a one-off academic project.”
Bulekov ended by touching upon the future of his research with hypervisors, saying that revolutions with AI will not make hypervisors obsolete. He says it will take time before AI can write its own hypervisor code, and in that time more powerful tools will be needed to combat more powerful attacks, both deliberate and unintentional.
“Hypervisors are here to stay. Even with all the artificial intelligence advancements, AI will still run on top of a hypervisor.”