| dc.contributor.author | Chen, Haogang | |
| dc.contributor.author | Mao, Yandong | |
| dc.contributor.author | Wang, Xi | |
| dc.contributor.author | Zhou, Dong | |
| dc.contributor.author | Zeldovich, Nickolai | |
| dc.contributor.author | Kaashoek, M. Frans | |
| dc.date.accessioned | 2012-09-17T17:29:22Z | |
| dc.date.available | 2012-09-17T17:29:22Z | |
| dc.date.issued | 2011-07 | |
| dc.identifier.isbn | 978-1-4503-1179-3 | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/73008 | |
| dc.description.abstract | Avoiding kernel vulnerabilities is critical to achieving security of many systems, because the kernel is often part of the trusted computing base. This paper evaluates the current state-of-the-art with respect to kernel protection techniques, by presenting two case studies of Linux kernel vulnerabilities. First, this paper presents data on 141 Linux kernel vulnerabilities discovered from January 2010 to March 2011, and second, this paper examines how well state-of-the-art techniques address these vulnerabilities. The main findings are that techniques often protect against certain exploits of a vulnerability but leave other exploits of the same vulnerability open, and that no effective techniques exist to handle semantic vulnerabilities---violations of high-level security invariants. | en_US |
| dc.description.sponsorship | United States. Defense Advanced Research Projects Agency. Clean-slate design of Resilient, Adaptive, Secure Hosts (Contract #N66001-10-2-4089) | en_US |
| dc.language.iso | en_US | |
| dc.publisher | Association for Computing Machinery (ACM) | en_US |
| dc.relation.isversionof | http://dx.doi.org/10.1145/2103799.2103805 | en_US |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike 3.0 | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/3.0/ | en_US |
| dc.source | MIT web domain | en_US |
| dc.title | Linux Kernel Vulnerabilities: State-of-the-Art Defenses and Open Problems | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Haogang Chen, Yandong Mao, Xi Wang, Dong Zhou, Nickolai Zeldovich, and M. Frans Kaashoek. 2011. Linux kernel vulnerabilities: state-of-the-art defenses and open problems. In Proceedings of the Second Asia-Pacific Workshop on Systems (APSys '11). ACM, New York, NY, USA, , Article 5 , 5 pages. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.contributor.approver | Kaashoek, M. Frans | |
| dc.contributor.mitauthor | Chen, Haogang | |
| dc.contributor.mitauthor | Mao, Yandong | |
| dc.contributor.mitauthor | Wang, Xi | |
| dc.contributor.mitauthor | Zeldovich, Nickolai | |
| dc.contributor.mitauthor | Kaashoek, M. Frans | |
| dc.relation.journal | Proceedings of the Second Asia-Pacific Workshop on Systems (APSys '11) | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
| dspace.orderedauthors | Chen, Haogang; Mao, Yandong; Wang, Xi; Zhou, Dong; Zeldovich, Nickolai; Kaashoek, M. Frans | en |
| dc.identifier.orcid | https://orcid.org/0000-0003-0238-2703 | |
| dc.identifier.orcid | https://orcid.org/0000-0002-2898-1686 | |
| dc.identifier.orcid | https://orcid.org/0000-0001-7098-586X | |
| mit.license | OPEN_ACCESS_POLICY | en_US |
| mit.metadata.status | Complete | |
