Abstract

This paper presents the results of a case study on software vulnerability solutions in the Linux kernel. Our major contribution is the introduction of a classification of methods used to solve vulnerabilities. Our research shows that error handling, redesign, and precondition validation are the most used methods in solving vulnerabilities in the Linux kernel. This contribution is accompanied by statistics on the occurrence of the different types of vulnerabilities and their solutions that we observed during our case study, combined with example source code patches. We also combine our findings with existing programming guidelines to create the first security-oriented coding guidelines for the Linux kernel.

Copyright information

© 2008 Springer Science+Business Media B.V.

About this paper

Cite this paper

Mokhov, S.A., Laverdière, MA., Benredjem, D. (2008). Taxonomy of Linux Kernel Vulnerability Solutions. In: Iskander, M. (eds) Innovative Techniques in Instruction Technology, E-learning, E-assessment, and Education. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-8739-4_86

  • DOI: https://doi.org/10.1007/978-1-4020-8739-4_86

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-8738-7

  • Online ISBN: 978-1-4020-8739-4

  • eBook Packages: Computer Science, Computer Science (R0)
