Characteristic Classification and Correlation Analysis of Source-Level Vulnerabilities in the Linux Kernel

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3802)

Abstract

Although studies regarding the classification and analysis of source-level vulnerabilities in operating systems are not direct and practical solutions to the exploits with which computer systems are attacked, it is important that these studies supply the elementary technology for the development of effective security mechanisms. Linux systems are widely used on the Internet and in intranet environments. However, research regarding the fundamental vulnerabilities in the Linux kernel has not been satisfactorily conducted. In this paper, characteristic classification and correlation analysis of source-level vulnerabilities in the Linux kernel, open to the public and listed on the SecurityFocus site for the 6 years from 1999 to 2004, are presented. This study will enable Linux kernel maintenance groups to understand the wide array of vulnerabilities, to analyze the characteristics of the attacks that abuse these vulnerabilities, and to prioritize their development effort according to the impact of these vulnerabilities on Linux systems.

This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment).

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ko, K., Jang, I., Kang, Yh., Lee, J., Eom, Y.I. (2005). Characteristic Classification and Correlation Analysis of Source-Level Vulnerabilities in the Linux Kernel. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_172

  • DOI: https://doi.org/10.1007/11596981_172

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer Science, Computer Science (R0)
