http://dx.doi.org/10.13089/JKIISC.2005.15.6.13

A Source-Level Discovery Methodology for Vulnerabilities of Linux Kernel Variables  

Ko Kwangsun (Sungkyunkwan University)
Kang Yong-hyeog (Far East University)
Eom Young Ik (Sungkyunkwan University)
Kim Jaekwang (Sungkyunkwan University)
Abstract
Linux is now used in a wide range of systems, from small embedded devices and routers to large servers, because the open source code of the Linux kernel gives system developers several advantages. On the other hand, the open source nature of the Linux kernel has a negative effect on system security: someone who wants to exploit a Linux-based system can easily do so by finding vulnerabilities in its kernel source. There are many existing methods for finding source-level vulnerabilities in software, but they are not suitable for finding source-level vulnerabilities in the Linux kernel, which has an enormous amount of source code. In this paper, we propose the Onion mechanism as a methodology for finding source-level vulnerabilities of Linux kernel variables. The Onion mechanism consists of two steps. The first step selects variables that may be vulnerable by using a pattern matching mechanism, and the second step inspects the vulnerability of each selected variable by constructing and analyzing system call trees. We also evaluate the proposed methodology by applying it to two well-known source-level vulnerabilities.
Keywords
Linux Kernel; Vulnerability; Source-Level Discovery Methodology;