Characteristic classification and correlation analysis of source-level vulnerabilities in the linux kernel

  • Authors:

  • Kwangsun Ko;Insook Jang;Yong-hyeog Kang;Jinseok Lee;Young Ik Eom

  • Affiliations:

  • School of Information and Communication Eng., Sungkyunkwan University, Suwon, Gyeonggi-do, Korea;National Security Research Institute, Daejeon, Korea;School of Business Administration, Far East University, Chungbuk, Korea;National Security Research Institute, Daejeon, Korea;School of Information and Communication Eng., Sungkyunkwan University, Suwon, Gyeonggi-do, Korea

  • Venue:
  • CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
  • Year:
  • 2005

Quantified Score

Hi-index 0.00

Visualization

Abstract

Although studies regarding the classification and analysis of source-level vulnerabilities in operating systems are not direct and practical solutions to the exploits with which computer systems are attacked, it is important that these studies supply the elementary technology for the development of effective security mechanisms. Linux systems are widely used on the Internet and in intra-net environments. However, researches regarding the fundamental vulnerabilities in the Linux kernel have not been satisfactorily conducted. In this paper, characteristic classification and correlation analysis of source-level vulnerabilities in the Linux kernel, open to the public and listed on the SecurityFocus site for the 6 years from 1999 to 2004, are presented. This study will enable Linux kernel maintenance groups to understand the wide array of vulnerabilities, to analyze the characteristics of the attack abusing vulnerabilities, and to prioritize their development effort according to the impact of these vulnerabilities on the Linux systems.