Linux kernel vulnerabilities

Haogang Chen, Yandong Mao, Xi Wang, Dong Zhou, Nickolai Zeldovich, M. Frans Kaashoek
2011 Proceedings of the Second Asia-Pacific Workshop on Systems - APSys '11  
This paper evaluates the current state-of-the-art with respect to kernel protection techniques, by presenting two case studies of Linux kernel vulnerabilities.  ...  First, this paper presents data on 141 Linux kernel vulnerabilities discovered from January 2010 to March 2011, and second, this paper examines how well state-of-the-art techniques address these vulnerabilities  ...  This research was partially supported by the DARPA Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) program under contract #N66001-10-2-4089.  ... 
doi:10.1145/2103799.2103805 dblp:conf/apsys/ChenMWZZK11 fatcat:3mwqsdizsrfdxayhpj5mhahavq

An Analysis of Speculative Type Confusion Vulnerabilities in the Wild [article]

Ofek Kirzner, Adam Morrison
2021 arXiv   pre-print
We thus set out to determine the extent to which speculative type confusion affects the Linux kernel.  ...  In this paper, we investigate speculative type confusion, a Spectre v1 attack vector in which branch mispredictions make the victim execute with variables holding values of the wrong type and thereby leak  ...  Acknowledgements We thank Alla Lenchner for extending LLVM's SLH to support kernel-mode mitigation. We thank the reviewers and our shepherd, Deian Stefan, for their insightful feedback.  ... 
arXiv:2106.15601v2 fatcat:3urnzr7mobcthg62ubfx4heorq

Learning from What We Know: How to Perform Vulnerability Prediction using Noisy Historical Data [article]

Aayush Garg, Renzo Degiovanni, Matthieu Jimenez, Maxime Cordy, Mike Papadakis, Yves Le Traon
2022 arXiv   pre-print
We evaluate TROVON by comparing it with existing techniques on three security-critical open source systems, i.e., Linux Kernel, OpenSSL, and Wireshark, with historical vulnerabilities that have been reported  ...  Vulnerability prediction refers to the problem of identifying system components that are most likely to be vulnerable.  ...  The results of their exploratory study demonstrated that Text Mining's prediction power was superior to the state of the art vulnerability prediction models with good performance for both precision and  ... 
arXiv:2012.11701v2 fatcat:irfjzleaxbc2zif4ndt3zavgfi

SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems

David Cerdeira, Nuno Santos, Pedro Fonseca, Sandro Pinto
2020 2020 IEEE Symposium on Security and Privacy (SP)  
In this paper, we aim to understand which types of vulnerabilities and limitations affect existing TrustZone-assisted TEE systems, what are the main challenges to build them correctly, and what contributions  ...  By studying publicly documented exploits and vulnerabilities as well as by reverse engineering the TEE firmware, we identified several critical vulnerabilities across existing systems which makes it legitimate  ...  Acknowledgments: We thank our shepherd David Kohlbrenner and the anonymous reviewers for their comments and suggestions. We are grateful to Joakim Bech for the insightful discussions about OP-TEE.  ... 
doi:10.1109/sp40000.2020.00061 dblp:conf/sp/Cerdeira0FP20 fatcat:pzj3uu3vvfb4ra24pre2c5s3jm

KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities

Weiteng Chen, Xiaochen Zou, Guoren Li, Zhiyun Qian
2020 USENIX Security Symposium  
In our evaluation, we demonstrate the applicability of KOOBE by exhaustively analyzing 17 most recent Linux kernel OOB vulnerabilities (where only 5 of them have publicly available exploits), for which  ...  We design KOOBE to assist the analysis of such vulnerabilities based on two observations: (1) Surprisingly often, different OOB vulnerability instances exhibit a wide range of capabilities. (2) Kernel  ...  Acknowledgement We wish to thank Lucas Davi (our shepherd) and the anonymous reviewers for their valuable comments and suggestions.  ... 
dblp:conf/uss/ChenZLQ20 fatcat:mgpde2s7bvckjfu5sbyszsqzh4

Learning from what we know: How to perform vulnerability prediction using noisy historical data [article]

Aayush Garg, Renzo Degiovanni, Matthieu Jimenez, Maxime Cordy, Mike Papadakis, Yves LeTraon
2022 arXiv   pre-print
We evaluate TROVON by comparing it with existing techniques on three security-critical open source systems, i.e., Linux Kernel, OpenSSL, and Wireshark, with historical vulnerabilities that have been reported  ...  Vulnerability prediction refers to the problem of identifying system components that are most likely to be vulnerable.  ...  The results of their exploratory study demonstrated that Text Mining's prediction power was superior to the state of the art vulnerability prediction models with good performance for both precision and  ... 
arXiv:2207.11018v1 fatcat:ktsiy6xfqvaghckwj3fpxapnom

Venerable Variadic Vulnerabilities Vanquished

Priyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, Mathias Payer
2017 USENIX Security Symposium  
An adversary can take advantage of a mismatch between the argument types used by the caller of a variadic function and the types expected by the callee to violate the language semantics and to tamper with  ...  It is left to the programmer to ensure that the caller and callee follow this implicit specification, without the help of a static type checker.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation, the Defense Advanced  ... 
dblp:conf/uss/BiswasFCRVNFP17 fatcat:4du7qpx7abcqhc3xfvzj3otetu

The Coming Era of AlphaHacking? A Survey of Automatic Software Vulnerability Detection, Exploitation and Patching Techniques [article]

Tiantian Ji, Yue Wu, Chang Wang, Xi Zhang, Zhongru Wang
2018 arXiv   pre-print
Utilizing automated system to detect, exploit and patch software vulnerabilities seems so attractive because of its scalability and cost-efficiency compared with the human expert based solution.  ...  In this paper, we give an extensive survey of former representative works related to the underlying technologies of a CRS, including vulnerability detection, exploitation and patching.  ...  In order to test the validity of SemFuzz, the author collected more than 112 Linux kernel vulnerability reported by CVE over the past five years. 16% of the vulnerabilities were detected and even zero-day  ... 
arXiv:1805.11001v2 fatcat:uh5ndhgmt5gpdk4opritn5fnsq

SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning

Nicola Ruaro, Kyle Zeng, Lukas Dresel, Mario Polino, Tiffany Bao, Andrea Continella, Stefano Zanero, Christopher Kruegel, Giovanni Vigna
2021 24th International Symposium on Research in Attacks, Intrusions and Defenses  
We implement our approach in a tool called SyML, and we evaluate it on the Cyber Grand Challenge (CGC) dataset, a well-known dataset of vulnerable programs, and on 3 real-world Linux binaries.  ...  We show that the knowledge collected from the analysis of vulnerable paths, without any explicit prior knowledge about vulnerability patterns, is transferrable to unseen binaries, and leads to outperforming  ...  Research was also sponsored by DARPA under agreements number HR001118C0060 and FA8750-19-C-0003. The U.S.  ... 
doi:10.1145/3471621.3471865 fatcat:zy5oktr57vhz7ohfc2to5no6yq

Reflections on UNIX Vulnerabilities

Matt Bishop
2009 2009 Annual Computer Security Applications Conference  
It examines how the nature of vulnerabilities has (and has not) changed since then, and presents some thoughts on the future of vulnerabilities in the UNIX operating system and its variants and other UNIX-like  ...  An action of the mind whereby we obtain a clearer view of our relation to the things of yesterday and are able to avoid the perils that we shall not again encounter. Ambrose Bierce [1]  ...  It starts with the state of the art in the beginning, up to and through the time my report was written.  ... 
doi:10.1109/acsac.2009.25 dblp:conf/acsac/Bishop09 fatcat:o2f7gi4drbcwjcrf7shortxgou

xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64 [article]

Lukas Bernhard, Michael Rodler, Thorsten Holz, Lucas Davi
2022 arXiv   pre-print
Many different types of defenses have been proposed in the past to mitigate this problem.  ...  Based on this scheme, we propose a novel use-after-free mitigation scheme, called xTag, that offers better performance and strong security properties compared to state-of-the-art methods.  ...  Acknowledgments Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy - EXC 2092 CASA - 390781972.  ... 
arXiv:2203.04117v1 fatcat:t4s63gr4bbdylm2ul5d2dyozvm

SVTester: Finding DoS Vulnerabilities of Virtual Switches

Son Duc Nguyen, Mamoru Mimura, Hidema Tanaka
2021 Journal of Information Processing  
The results show that SVTester was able to rediscover DoS weaknesses on an old version of VMware hypervisor and found a novel possible vulnerability in the Oracle VirtualBox hypervisor.  ...  However, a noticeable security problem of virtualization is the fact that multiple virtual machines are run on one physical host machine called hypervisor.  ...  Acknowledgments This work was supported by the NEC C&C Foundation Grants for Non-Japanese Researchers.  ... 
doi:10.2197/ipsjjip.29.581 fatcat:tdtl7pyjuvhblcv4z2o4uevgmi

Will Zero Vulnerability Computing (ZVC) Ever Be Possible? Testing the Hypothesis

Fazal Raheman, Tejas Bhagat, Brecht Vermeulen, Peter Van Daele
2022 Future Internet  
Further research should explore whether ZVC can fully secure computers in more complex real-world scenarios and open a new epoch in the evolution of computers and the Internet.  ...  Zero vulnerability computing (ZVC) challenges the impossible with in-computer offline storage (ICOS) and Supra OS (SOS), to deliver comprehensive protection against vulnerabilities.  ...  State-of-the-Art Our problem statement identifies two "necessary evils" as the core enablers of cybersecurity breaches in legacy computing systems.  ... 
doi:10.3390/fi14080238 fatcat:raob3cbv2bcozpvptw3x3gqrsa

A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices

Miao Yu, Jianwei Zhuge, Ming Cao, Zhiwei Shi, Lin Jiang
2020 Future Internet  
We review state-of-the-art research on IoT device vulnerability discovery, detection, mitigation, and other related works. Then, we point out the current challenges and opportunities by evaluation.  ...  With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users' privacy and property.  ...  Security researchers prevent these problems by modifying AI algorithms. (2) The Dependency of Third-Party and Open-Source Code IoT firmware development relies heavily on third-party and open-source code  ... 
doi:10.3390/fi12020027 fatcat:rbg5eyfvj5h7lezzzyiyhjrpci

A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes

J. Bulck, D. Oswald, E. Marin, A. Aldoseri, F. Garcia, F. Piessens
2020 Zenodo  
In fact, we demonstrate that state-of-the-art mitigation techniques such as Intel's edger8r, Microsoft's "deep copy marshalling", or even memory-safe languages like Rust fail to fully eliminate this attack  ...  We have responsibly disclosed our findings, leading to 5 designated CVE records and numerous security patches in the vulnerable open-source projects, including the Intel SGX-SDK, Microsoft Open Enclave  ...  We further would like to thank the maintainers of the open-source projects we studied for their contributions to the community and for promptly responding and working on mitigations.  ... 
doi:10.5281/zenodo.3978120 fatcat:ggh2ja7dxrdaxbbozjq67mpnue