Browse > Article
http://dx.doi.org/10.13089/JKIISC.2005.15.3.91

Characteristic Classification and Correlational Analysis of Source-level Vulnerabilities in Linux Kernel  

Ko Kwangsun (Sungkyunkwan University)
Jang In-Sook (National Security Research Institute)
Kang Yong-hyeog (Far East University)
Lee Jin-Seok (National Security Research Institute)
Eom Young Ik (Sungkyunkwan University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.15, no.3, 2005 , pp. 91-101 More about this Journal
Abstract
Although the studies on the analysis and classification of source-level vulnerabilities in operating systems are not direct and positive solutions to the exploits with which the host systems are attacked, It is important in that those studies can give elementary technologies in the development of security mechanisms. But, whereas Linux systems are widely used in Internet and intra-net environments recently, the information on the basic and fundamental vulnerabilities inherent in Linux systems has not been studied enough. In this paper, we propose characteristic classification and correlational analyses on the source-level vulnerabilities in Linux kernel that are opened to the public and listed in the SecurityFocus site for 6 years from 1999 to 2004. This study may contribute to expect the types of attacks, analyze the characteristics of the attacks abusing vulnerabilities, and verify the modules of the kernel that have critical vulnerabilities.
Keywords
source-level vulnerability; Linux kernel;
Citations & Related Records
연도 인용수 순위
  • Reference
1 B. Marick, 'A survey of software fault surveys,' Technical Report UIUCDCSR90- 1651, University of Illinois at Urbana-Chamaign, Dec. 1990
2 K. Jiwnani and M. Zelkowitz, 'Maintaining Software with a Security Perspective,' International Conference on Software Maintenance (ICSM'02), Montreal, Quebec, Canada, Oct. 03-06, 2002
3 http://www.garlic.com/~lynn/secure.htm
4 B. Marick, 'A survey of software fault surveys', Technical Report UIUCDCS -R-90-1651, University of Illinois at Urbana-Champaign, Dec. 1990
5 R. Chillarege, 'ODC for Process Measurement, Analysis and Control,' Proc. of the Fourth International Conference on Software Quality, ASQC Software Division, McLean, VA, USA, Oct. 3-5, 1994
6 R. Chillarege, I. S. Bhandari, J. K. Chaar, M. J. Halliday, D. S. Moebus, B. K. Ray, Man-Yuen Wong, 'Orthogonal Defect Classification - A Concept for In-Process Measurements,' IEEE Transactions on Software Engineering, Vol. 18, No. 11, Nov. 1992
7 M. Bishop, 'A Taxonomy of UNIX System and Network Vulnerabilities,' Technical Report CSE-95-10, Purdue University, May 1995
8 박태규, 임연호, '커널 기반의 보안 리눅스 운영체제 구현,' 한국정보보호학회, 정보보호학회 논문지, Vol. 11, No. 4, Aug. 2001
9 W. Du and A. P. Mathur, 'Categorization of Software Errors that led to Security Breaches,' Proc. of the 21st National Information Systems Security Conference (NISSC'98), Crystal City, VA, USA, 1998
10 T. Aslam, 'A taxonomy of Security Faults in the Unix Operating System,' M.S. Thesis, Purdue University, 1995
11 http://www.securityfocus.com
12 D. P. Bovet and M. Cesati, Understanding the Linux Kernel 2nd Ed., O'REILLY
13 C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi, 'A Taxonomy of Computer Program Security Flaws,' ACM Computing Surveys, Vol. 26, No. 3, 1994
14 A. Rubini and J. Corbet, Linux Device Drivers 2nd Ed., O'REILLY
15 T. Aslam, 'Use of a taxonomy of Security Faults,' Technical Report 96-05, COAST Laboratory, Department of Computer Science, Purdue University, Mar. 1996