Title | Study of Security Flaws in the Linux Kernel by Fuzzing |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Teplyuk, P.A., Yakunin, A.G., Sharlaev, E.V. |
Conference Name | 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon) |
Date Published | oct |
Keywords | Automated Response Actions, composability, composabilty, fuzzing, Industrial engineering, Kernel, Linux, Linux Operating System Security, Metrics, Operating Systems Security, Protocols, pubcrawl, resilience, Resiliency, security, security threats, stack overflow, Syzkaller, Tools, use-after-free, vulnerabilities |
Abstract | An exceptional feature of the development of modern operating systems based on the Linux kernel is their leading use in cloud technologies, mobile devices and the Internet of things, which is accompanied by the emergence of more and more security threats at the kernel level. In order to improve the security of existing and future Linux distributions, it is necessary to analyze the existing approaches and tools for automated vulnerability detection and to conduct experimental security testing of some current versions of the kernel. The research is based on fuzzing - a software testing technique, which consists in the automated detection of implementation errors by sending deliberately incorrect data to the input of the fuzzer and analyzing the program's response at its output. Using the Syzkaller software tool, which implements a code coverage approach, vulnerabilities of the Linux kernel level were identified in stable versions used in modern distributions. The direction of this research is relevant and requires further development in order to detect zero-day vulnerabilities in new versions of the kernel, which is an important and necessary link in increasing the security of the Linux operating system family. |
DOI | 10.1109/FarEastCon50210.2020.9271516 |
Citation Key | teplyuk_study_2020 |