Detecting Kernel Vulnerabilities During the Development Phase

N. Zaidenberg, E. Khen
Published in: 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing
Publication date: 2015-11-03
DOI: 10.1109/CSCloud.2015.91 (https://doi.org/10.1109/CSCloud.2015.91)
Citations: 7

Abstract

Testing is one of the major problems in the Linux kernel development cycle. Security analysis, and ensuring that no new vulnerabilities have been introduced, is one of the toughest issues in testing. Kernel developers attempt to find as many security issues as possible before merging with the mainline branch. Failure to detect vulnerabilities will result in vulnerable kernels shipped by distributions and in vulnerable systems. Kernel developers can choose between several industrial and open source tools to assist in the development process and shorten the development cycle (though not as many as user space developers: kernel tools are limited and rare compared to user space tools). Some of these tools are used to test the reliability of the kernel and detect kernel vulnerabilities. Unfortunately, these tools are not sufficient! LgDb was introduced in our previous work [1], [2]. LgDb is a proof-of-concept tool that was presented as an innovative framework for kernel profiling, code coverage and simulations. LgDb runs the inspected kernel in a paravirtual environment based on Lguest. Most limitations of existing tools stem from the nature of the task: a user space tool cannot inspect the kernel on which it runs. By using virtualization, LgDb eliminates most of the existing tools' limitations. As far as the host is concerned, LgDb runs as a user process, and the need for complex kernel space tools is alleviated. In this work we will present an extension to LgDb in order to detect kernel security vulnerabilities. The vulnerability detection process is not automatic. However, LgDb allows the developer to test the code during development, similarly to a debugger. The vulnerability types that LgDb addresses are proven to lack efficient automatic detection tools and have manifested in several kernel vulnerabilities.