Abstract
Although studies regarding the classification and analysis of source-level vulnerabilities in operating systems are not direct and practical solutions to the exploits with which computer systems are attacked, it is important that these studies supply the elementary technology for the development of effective security mechanisms. Linux systems are widely used on the Internet and in intra-net environments. However, researches regarding the fundamental vulnerabilities in the Linux kernel have not been satisfactorily conducted. In this paper, characteristic classification and correlation analysis of source-level vulnerabilities in the Linux kernel, open to the public and listed on the SecurityFocus site for the 6 years from 1999 to 2004, are presented. This study will enable Linux kernel maintenance groups to understand the wide array of vulnerabilities, to analyze the characteristics of the attack abusing vulnerabilities, and to prioritize their development effort according to the impact of these vulnerabilities on the Linux systems.
This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Assessment).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Marick, B.: A survey of software fault surveys, Technical Report UIUCDCS-R90-1651, University of Illinois at Urbana-Chamaign (December 1990)
Jiwnani, K., Zelkowitz, M.: Maintaining Software with a Security Perspective. In: International Conference on Software Maintenance (ICSM 2002), Montreal, Quebec, Canada (2002)
Security Taxonomy, http://www.garlic.com/~lynn/secure.htm
Chillarege, R.: ODC for Process Measurement, Analysis and Control. In: Proc. of the Foruth International Conference on Software Quality, ASQC Software Division, McLean, VA, pp. 3–5 (1994)
Chillarege, R., Bhandari, I.S., Chaar, J.K., Halliday, M.J., Moebus, D.S., Ray, B.K., Wong, M.-Y.: Orthogonal Defect Classification - A Concept for In-Process Measurements. IEEE Transactions on Software Engineering 18 (1992)
Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A Taxonomy of Computer Program Security Flaws. ACM Computing Surveys 26 (1994)
Bishop, M.: A Taxonomy of UNIX System and Network Vulnerabilities, Technical Report CSE-95-10, Purdue University (1995)
Du, W., Mathur, A.P.: Categorization of Software Errors that led to Security Breaches. In: Proc. of the 21st National Information Systems Security Conference (NISSC 1998), Crystal City, VA (1998)
SecurityFocus, http://www.securityfocus.com
Common Vulnerabilities and Exposures, the Standard for Information Security Vulnerability Names, http://www.cve.mitre.org
Guardian Digital: Inc., http://www.linuxsecurity.com
iSEC Security Research, http://www.isec.pl
Rubini, A., Corbet, J.: Linux Device Drivers, 2nd edn. O’REILLY, Sebastopol (2001)
Bovet, D.P., Cesati, M.: Understanding the Linux Kernel, 2nd edn. O’REILLY, Sebastopol (2003)
Rescorla, E.: Security HolesÈ Who cares? In: Proc. Of the 12the USENIX Security Symposium, Washington D.C (2003)
Browne, H., Arbuagh, W., McHugh, J., Fiothen, W.: A Trend Analysis of Exploitations. In: IEEE Symposium on Security and Privacy (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ko, K., Jang, I., Kang, Yh., Lee, J., Eom, Y.I. (2005). Characteristic Classification and Correlation Analysis of Source-Level Vulnerabilities in the Linux Kernel. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_172
Download citation
DOI: https://doi.org/10.1007/11596981_172
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer ScienceComputer Science (R0)