Paper Info
Title
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Abstract
Avoiding kernel vulnerabilities is critical to achieving security of many systems, because the kernel is often part of the trusted computing base. This paper evaluates the current state-of-the-art with respect to kernel protection techniques, by presenting two case studies of Linux kernel vulnerabilities. First, this paper presents data on 141 Linux kernel vulnerabilities discovered from January 2010 to March 2011, and second, this paper examines how well state-of-the-art techniques address these vulnerabilities. The main findings are that techniques often protect against certain exploits of a vulnerability but leave other exploits of the same vulnerability open, and that no effective techniques exist to handle semantic vulnerabilities---violations of high-level security invariants.
Year
DOI
Venue
2011
10.1145/2103799.2103805
ApSys
Keywords
Field
DocType
semantic vulnerability,open problem,effective technique,state-of-the-art technique,state-of-the-art defenses,certain exploit,linux kernel vulnerability,kernel protection technique,case study,high-level security invariants,linux kernel,kernel vulnerability,trusted computing base,regression testing,linux,web servers
Kernel (linear algebra),Computer science,Computer security,Exploit,Regression testing,Trusted computing base,Secure coding,Operating system,Vulnerability,Linux kernel,Web server
Conference
Citations 
PageRank 
References 
42
1.61
16
Authors
6
Name
Order
Citations
PageRank
Haogang Chen128314.72
Yandong Mao247521.48
Xi Wang354029.04
Dong Zhou41145.06
Nickolai Zeldovich52377126.15
M. Frans Kaashoek6155581966.90