Abstract | ||
---|---|---|
Avoiding kernel vulnerabilities is critical to achieving security of many systems, because the kernel is often part of the trusted computing base. This paper evaluates the current state-of-the-art with respect to kernel protection techniques, by presenting two case studies of Linux kernel vulnerabilities. First, this paper presents data on 141 Linux kernel vulnerabilities discovered from January 2010 to March 2011, and second, this paper examines how well state-of-the-art techniques address these vulnerabilities. The main findings are that techniques often protect against certain exploits of a vulnerability but leave other exploits of the same vulnerability open, and that no effective techniques exist to handle semantic vulnerabilities---violations of high-level security invariants. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1145/2103799.2103805 | ApSys |
Keywords | Field | DocType |
semantic vulnerability,open problem,effective technique,state-of-the-art technique,state-of-the-art defenses,certain exploit,linux kernel vulnerability,kernel protection technique,case study,high-level security invariants,linux kernel,kernel vulnerability,trusted computing base,regression testing,linux,web servers | Kernel (linear algebra),Computer science,Computer security,Exploit,Regression testing,Trusted computing base,Secure coding,Operating system,Vulnerability,Linux kernel,Web server | Conference |
Citations | PageRank | References |
42 | 1.61 | 16 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Haogang Chen | 1 | 283 | 14.72 |
Yandong Mao | 2 | 475 | 21.48 |
Xi Wang | 3 | 540 | 29.04 |
Dong Zhou | 4 | 114 | 5.06 |
Nickolai Zeldovich | 5 | 2377 | 126.15 |
M. Frans Kaashoek | 6 | 15558 | 1966.90 |