A methodology for finding source-level vulnerabilities of the Linux kernel variables

The Linux kernel provides several advantages to system developers and is widely used as an operating system in a variety of systems, including embedded systems, access routers and servers. These advantages stem from the fact that the Linux kernel is publicly available; however, this openness can also have negative impacts on system security. An attacker wishing to exploit Linux-based systems could do so by finding and abusing vulnerabilities in the system's Linux kernel sources. Several methods exist for finding source-level vulnerabilities, but they are not always suitable for the Linux kernel. In this paper, we propose a two-step Onion mechanism as a methodology for finding source-level vulnerabilities in Linux kernel variables. The first step of the Onion mechanism selects variables that may be vulnerable by exploiting their usage patterns. The second step inspects the vulnerabilities of the selected variables by constructing and analyzing system call trees. We also evaluate the proposed methodology by applying it to two well-known source-level vulnerabilities.
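As an added illustration of the two steps described above (this is not the paper's tool and makes no claim about how the authors implemented either step), the following Python script runs a deliberately small approximation of the Onion mechanism over a constructed kernel-style C snippet. Step 1 selects function parameters whose usage pattern is risky: they flow, directly or through a callee, into the length argument of a copy primitive. Step 2 builds the call tree under each `sys_`-prefixed entry point and reports the paths along which such a parameter reaches the sink without a bounds check in any function on the path. The sink table (`copy_from_user`, `memcpy`), the `sys_` naming convention and the regex-based check detection are assumptions chosen for the example; the C snippet is constructed, not taken from any real kernel source.

```python
"""Toy two-step 'onion' analysis (added example, not the paper's tool).

Step 1: select variables whose usage pattern is risky (a parameter that
reaches the length argument of a copy primitive, transitively).
Step 2: walk the call tree under each system-call entry point and report
flows that reach the sink with no bounds check along the path.
"""
import re

# Constructed kernel-style C snippet (not from any real kernel source).
SAMPLE_SOURCE = r"""
static int helper_copy(char *dst, const char __user *src, size_t len)
{
    if (copy_from_user(dst, src, len))
        return -EFAULT;
    return 0;
}

asmlinkage long sys_example_read(const char __user *buf, int count)
{
    char kbuf[64];
    return helper_copy(kbuf, buf, count);
}

asmlinkage long sys_example_safe(const char __user *buf, int count)
{
    char kbuf[64];
    if (count < 0 || count > sizeof(kbuf))
        return -EINVAL;
    return helper_copy(kbuf, buf, count);
}
"""

# Assumed sinks: copy primitive -> index of its length argument.
SINKS = {"copy_from_user": 2, "memcpy": 2}
FUNC_RE = re.compile(r"(\w+)\s*\(([^)]*)\)\s*\{")
CALL_RE = re.compile(r"\b(\w+)\s*\(")
KEYWORDS = {"if", "while", "for", "switch"}


def parse_functions(src):
    """Return {name: (param_names, body)} for each function definition."""
    funcs = {}
    for m in FUNC_RE.finditer(src):
        name = m.group(1)
        if name in KEYWORDS:
            continue
        params = [p.strip().split()[-1].lstrip("*")
                  for p in m.group(2).split(",") if p.strip() and p.strip() != "void"]
        depth, i = 0, m.end() - 1          # m.end() - 1 is the opening brace
        while i < len(src):                # brace-match to find the body's end
            if src[i] == "{":
                depth += 1
            elif src[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        funcs[name] = (params, src[m.end():i])
    return funcs


def call_args(body, start):
    """Split the argument list that begins at body[start] (just after '(')."""
    args, depth, cur = [], 0, ""
    for ch in body[start:]:
        if ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:
                args.append(cur.strip())
                return args
            depth -= 1
        cur += ch
    return args


def select_length_params(funcs):
    """Step 1: parameter indices that reach a copy length, computed to a fixpoint."""
    risky = {name: set() for name in funcs}
    changed = True
    while changed:
        changed = False
        for name, (params, body) in funcs.items():
            for m in CALL_RE.finditer(body):
                callee, args = m.group(1), call_args(body, m.end())
                idxs = [SINKS[callee]] if callee in SINKS else list(risky.get(callee, ()))
                for i in idxs:
                    if i < len(args) and args[i] in params:
                        p = params.index(args[i])
                        if p not in risky[name]:
                            risky[name].add(p)
                            changed = True
    return risky


def is_bounds_checked(var, body):
    """Heuristic: an if-condition compares var with < or > somewhere in the body."""
    return re.search(rf"if\s*\((?:[^()]|\([^()]*\))*\b{var}\b\s*[<>]", body) is not None


def trace_paths(funcs, risky, entry, var_idx, path=None, checked=False):
    """Step 2: follow parameter var_idx of `entry` down the call tree to the sinks."""
    path = path or []
    if any(p.startswith(entry + "(") for p in path):   # guard against recursion
        return []
    params, body = funcs[entry]
    var = params[var_idx]
    checked = checked or is_bounds_checked(var, body)
    path = path + [f"{entry}({var})"]
    findings = []
    for m in CALL_RE.finditer(body):
        callee, args = m.group(1), call_args(body, m.end())
        if callee in SINKS and SINKS[callee] < len(args) and args[SINKS[callee]] == var:
            findings.append((path + [callee], checked))
        elif callee in funcs:
            for idx in risky[callee]:
                if idx < len(args) and args[idx] == var:
                    findings.extend(trace_paths(funcs, risky, callee, idx, path, checked))
    return findings


def analyze(src):
    """Run both steps; return {entry point: [unchecked flow paths]}."""
    funcs = parse_functions(src)
    risky = select_length_params(funcs)
    report = {}
    for name in funcs:
        if not name.startswith("sys_"):
            continue
        for idx in sorted(risky[name]):
            for path, checked in trace_paths(funcs, risky, name, idx):
                if not checked:
                    report.setdefault(name, []).append(" -> ".join(path))
    return report


if __name__ == "__main__":
    for entry, paths in analyze(SAMPLE_SOURCE).items():
        for p in paths:
            print(f"unchecked length flow: {p}")
```

On the constructed input the script reports `sys_example_read(count) -> helper_copy(len) -> copy_from_user` and nothing for `sys_example_safe`, because the range check on `count` at the entry point is carried down the call tree. Note that the check heuristic is intentionally crude: it accepts any `<`/`>` comparison of the variable, so it over-trusts an off-by-one or an unsigned/signed mismatch, which is exactly the kind of finding that the paper's manual inspection step in the call tree is meant to resolve.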
