Linux Kernel Vulnerabilities: State-of-the-Art Defenses and Open Problems

Author(s)

Chen, Haogang; Mao, Yandong; Wang, Xi; Zhou, Dong; Zeldovich, Nickolai; Kaashoek, M. Frans; ... Show more Show less

Abstract

Avoiding kernel vulnerabilities is critical to achieving security of many systems, because the kernel is often part of the trusted computing base. This paper evaluates the current state-of-the-art with respect to kernel protection techniques, by presenting two case studies of Linux kernel vulnerabilities. First, this paper presents data on 141 Linux kernel vulnerabilities discovered from January 2010 to March 2011, and second, this paper examines how well state-of-the-art techniques address these vulnerabilities. The main findings are that techniques often protect against certain exploits of a vulnerability but leave other exploits of the same vulnerability open, and that no effective techniques exist to handle semantic vulnerabilities---violations of high-level security invariants.

Date issued

2011-07

URI

http://hdl.handle.net/1721.1/73008

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the Second Asia-Pacific Workshop on Systems (APSys '11)

Publisher

Association for Computing Machinery (ACM)

Citation

Haogang Chen, Yandong Mao, Xi Wang, Dong Zhou, Nickolai Zeldovich, and M. Frans Kaashoek. 2011. Linux kernel vulnerabilities: state-of-the-art defenses and open problems. In Proceedings of the Second Asia-Pacific Workshop on Systems (APSys '11). ACM, New York, NY, USA, , Article 5 , 5 pages.

Version: Author's final manuscript

ISBN

978-1-4503-1179-3