By Topic

A methodology for finding source-level vulnerabilities of the Linux kernel variables

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Jaekwang Kim ; Dept. of Electr. & Comput. Eng., Sungkyunkwan Univ., Suwon ; Lee, Jee-Hyong

Linux kernel provides several advantages to system developers and is widely used as an operating system in a variety of systems, including embedded systems, access routers and servers. These advantages are due to the fact that the Linux kernel is publicly available, however, this feature of openness can have negative impacts on system security. If an attacker wished to exploit Linux-based systems, the attacker could easily do so by finding and abusing the vulnerabilities of the systemspsila Linux kernel sources. There are several methods available that can find source-level vulnerabilities, but they are not always suitable for the Linux kernel. In this paper, we propose a two-step Onion mechanism as a methodology to find source-level vulnerabilities of the Linux kernel variables. The first step of the Onion mechanism is to select variables that may be vulnerable by exploiting their usage patterns. The second step is to inspect the vulnerabilities of the selected variables by making and analyzing system call trees. We also evaluate our proposed methodology by applying it to two well-known source-level vulnerabilities.

Published in:

Neural Networks, 2008. IJCNN 2008. (IEEE World Congress on Computational Intelligence). IEEE International Joint Conference on

Date of Conference:

1-8 June 2008