Detecting Kernel Vulnerabilities during the Development Phase

Nezer J. Zaidenberg, Eviatar Khen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Testing is one of the major problems in the Linux kernel development cycle. Security analysis, and ensuring that no new vulnerabilities have been introduced, is one of the toughest issues of testing. Kernel developers attempt to find as many security issues as possible before merging with the mainline branch. Failure to detect vulnerabilities will result in a vulnerable kernel shipped by distributions and in vulnerable systems. Kernel developers can choose between several industrial and open source tools to assist in the development process and shorten the development cycle (though not as many as user space developers; kernel tools are limited and rare compared to user space tools). Some of these tools are used to test the reliability of the kernel and detect kernel vulnerabilities. Unfortunately, these tools are not sufficient! LgDb was introduced in [1], [2] in our previous work. LgDb is a proof-of-concept tool that was presented as an innovative framework for kernel profiling, code coverage and simulations. LgDb runs the inspected kernel in a paravirtual environment based on Lguest. Most existing tools' limitations stem from the nature of the task: a user space tool cannot inspect the kernel on which it runs. By using virtualization, LgDb eliminates most of the existing tools' limitations. As far as the host is concerned, LgDb runs as a user process, and the need for complex kernel space tools is alleviated. In this work we present an extension to LgDb in order to detect kernel security vulnerabilities. The vulnerability detection process is not automatic. However, LgDb allows the developer to test the code during development, similarly to a debugger. The vulnerability types that LgDb addresses have been shown to lack efficient automatic detection tools and have manifested in several kernel vulnerabilities.

Original language: English
Title of host publication: Proceedings - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015
Editors: Tao Zhang, Sajal K. Das, Tao Zhang, Meikang Qiu
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 224-230
Number of pages: 7
ISBN (Electronic): 9781467392990
State: Published - 4 Jan 2016
Externally published: Yes
Event: 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - New York, United States
Duration: 3 Nov 2015 to 5 Nov 2015

Publication series

Name: Proceedings - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015

Conference

Conference: 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015
Country/Territory: United States
City: New York
Period: 3/11/15 to 5/11/15

Keywords

  • Virtualization security vulnerabilities Lguest
