Visible to the public Linux Privilege Increase Threat Analysis

TitleLinux Privilege Increase Threat Analysis
Publication TypeConference Paper
Year of Publication2020
AuthorsDmitry, Morozov, Elena, Ponomareva
Conference Name2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)
Date PublishedMay 2020
PublisherIEEE
ISBN Number 978-1-7281-3165-8
Keywordscomposability, confidentiality, Information security, Linux operating system, Linux Operating System Security, Metrics, operating system, privilege increase, pubcrawl, resilience, Resiliency, rights differentiation, Vulnerability
AbstractToday, Linux is one of the main operating systems (OS) used both on desktop computers and various mobile devices. This OS is also widely applied in state and municipal structures, including law enforcement agencies and automated control systems used in the Armed Forces of the Russian Federation. It's worth noting that the process of replacing the Linux OS with domestic protected OSs that use the Linux kernel has now begun. In this regard, the analysis of threats to information security of the Linux OS is highly relevant. In this article, the authors discuss the security problems of Linux OS associated with unauthorized user privileges increase, as a result of which an attacker can gain full control over the OS. The approaches to differentiating user privileges in Linux are analyzed and their advantages and disadvantages are considered. As an example, the causes of the vulnerability CVE-2018-14665 were identified and measures to eliminate it were proposed.
URLhttps://ieeexplore.ieee.org/document/9117739
DOI10.1109/USBEREIT48449.2020.9117739
Citation Keydmitry_linux_2020