A Source-Level Discovery Methodology for Vulnerabilities of Linux Kernel Variables
Ko Kwangsun (Sungkyunkwan University), Kang Yong-hyeog (Far East University), Eom Young Ik (Sungkyunkwan University), Kim Jaekwang (Sungkyunkwan University)
1 | I. Arce and E. Levy, 'The Rising Threat of Vulnerabilities Due to Integer Errors,' IEEE Security & Privacy, pp. 77-82, Jul./Aug. 2003 |
2 | C. Salter, O. S. Saydjari, B. Schneier, and J. Wallner, 'Toward a Secure System Engineering Methodology,' New Security Paradigms Workshop, Sep. 1998 |
3 | J. J. Tevis and J. A. Hamilton, 'Methods for The Prevention, Detection and Removal of Software Security Vulnerabilities,' Proc. of the 42nd annual Southeast regional conference, Huntsville, Alabama, 2004 |
4 | Secure Programming Lint Specifications Lint, http://www.splint.org |
5 | CQual, http://www.cs.umd.edu/~jfoster/cqual |
6 | C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi, 'A Taxonomy of Computer Program Security Flaws,' ACM Computing Surveys, Vol. 26(3), pp. 211-254, 1994 |
7 | K. Jiwnani and M. Zelkowitz, 'Maintaining Software with a Security Perspective,' International Conference on Software Maintenance (ICSM'02), Montreal, Quebec, Canada, Oct. 03-06, 2002 |
8 | T. Jarboui, J. Arlat, Y. Crouzet, and K. Kanoun, 'Experimental Analysis of the Errors Induced into Linux by Three Fault Injection Techniques,' Proc. of the International Conference on Dependable Systems and Networks (DSN'02), 2002 |
9 | S. C. Johnson, 'Yacc: Yet Another Compiler Compiler,' Computing Science Technical Report No. 32, Bell Laboratories, Murray Hill, NJ 07974, 1975 |
10 | T. Jaeger, A. Edwards, and X. Zhang, 'Consistency Analysis of Authorization Hook Placement in the Linux Security Modules Framework,' ACM Transactions on Information and System Security (TISSEC) Vol. 7, Issue 2, pp. 175-205, May 2004 |
11 | SecurityFocus, http://www.securityfocus.com |
12 | K. Ashcraft and D. Engler, 'Using Programmer-Written Compiler Extensions to Catch Security Holes,' Proc. of the 2002 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, DC, USA, 2002 |
13 | J. Viega, J. T. Bloch, T. Kohno, and G. McGraw, 'ITS4: A Static Vulnerability Scanner for C and C++ Code,' ACM Transactions on Information and System Security, 2000 |
14 | S. R. Schach, B. Jin, D. R. Wright, G. Z. Heller, and A. J. Offutt, 'Maintainability of the Linux Kernel,' IEE Proc. Software, 2002 |
15 | http://www.jimbrooks.org/web/hypersrc/hypersrc.php |
16 | ITS4, http://www.cigital.com/its4 |
17 | J. S. Foster, M. Fahndrich, and A. Aiken, 'A Theory of Type Qualifiers,' Programming Language Design and Implementation (PLDI'99), pp. 192-203. Atlanta, Georgia. May 1999 |
18 | X. Zhang, A. Edwards, and T. Jaeger, 'Using CQUAL for Static Analysis of Authorization Hook Placement,' Proc. of the 11th USENIX Security Symposium, San Francisco, California, USA, Aug. 5-9, 2002 |
19 | B. Marick, 'A survey of software fault surveys,' Technical Report UIUCDCS-R-90-1651, University of Illinois at Urbana-Champaign, Dec. 1990 |
20 | J. Viega, J. T. Bloch, T. Kohno, and G. McGraw, 'Token-Based Scanning of Source Code for Security Problems,' ACM Transactions on Information and System Security, Vol. 5, No. 3, pp. 238-261, Aug. 2002 |
21 | M. Bishop and D. Bailey, 'A Critical Analysis of Vulnerability Taxonomies,' CSE-96-11, Sep. 1996 |
22 | RATS, http://www.securesoftware.com |
23 | J. Kim, K. Ko, E. Cho, J. Park, Y. Kang, I. Jang, and Y. I. Eom, 'A Taxonomy of Linux Kernel Vulnerabilities by Cause,' Proc. of the Korean Society for Internet Information 2004 Fall Conference, Vol. 5, No. 2, pp. 127-130, Nov. 2004 (in Korean) |
24 | R. Dantu, K. Loper, and P. Kolan, 'Risk Management using Behavior based Attack Graphs,' Proc. of the International Conference on Information Technology: Coding and Computing (ITCC'04), 2004 |
25 | W. Du and A. P. Mathur, 'Testing for Software Vulnerability Using Environment Perturbation,' International Conference on Dependable Systems and Networks (DSN 2000), NY, USA. IEEE Computer Society 2000, pp. 603-612, 25-28 Jun. 2000 |
26 | M. E. Lesk and E. Schmidt, 'lex: A Lexical Analyzer Generator,' UNIX Programmer's Manual, Vol. 2, pp. 388-400. Holt, Rinehart, and Winston, New York, NY, USA, 1979 |
27 | H. Chen and D. Wagner, 'MOPS: an Infrastructure for Examining Security Properties of Software,' Proc. of CCS'02, Washington, DC, USA, Nov. 18-22, 2002 |
28 | D. Engler, B. Chelf, A. Chou, and S. Hallem, 'Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions,' Proc. 4th USENIX OSDI, 2000 |
29 | D. P. Bovet and M. Cesati, Understanding the Linux Kernel, O'Reilly, 2003 |
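30 | I. Jang, T. Nam, J. Kang, and J. Lee, 'An Analysis of the State of Publicly Disclosed Source-Level Operating System Vulnerabilities,' Proc. of the Korea Information Processing Society Fall Conference, Vol. 11, No. 2, 2004 (in Korean) |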
31 | M. Bernaschi, E. Gabrielli, and L. V. Mancini, 'Operating System Enhancements to Prevent the Misuse of System Calls,' Proc. of the 7th ACM conference on Computer and communications security, Athens, Greece, ACM Press, NY, USA, pp. 174-183, 2000 |