Mokhov, Serguei A. and Laverdière, Marc-André and Benredjem, Djamel (2008) Taxonomy of Linux Kernel Vulnerability Solutions. In: International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE 2007) , December 2007.
report.pdf - Accepted Version
Official URL: http://dx.doi.org/10.1007/978-1-4020-8739-4_86
This paper presents the results of a case study on software vulnerability solutions in the Linux kernel. Our major contribution is the introduction of a classification of methods used to solve vulnerabilities. Our research shows that error handling, redesign, and precondition validation are the most used methods in solving vulnerabilities in the Linux kernel. This contribution is accompanied with statistics on the occurrence of the different types of vulnerabilities and their solutions that we observed during our case study, combined with example source code patches. We also combine our findings with existing programming guidelines to create the first security-oriented coding guidelines for the Linux kernel.
|Divisions:||Concordia University > Faculty of Engineering and Computer Science > Computer Science and Software Engineering|
Concordia University > Faculty of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Concordia University > Research Units > Computer Security Laboratory
|Item Type:||Conference or Workshop Item (Paper)|
|Authors:||Mokhov, Serguei A. and Laverdière, Marc-André and Benredjem, Djamel|
|Digital Object Identifier (DOI):||10.1007/978-1-4020-8739-4_86|
|Keywords:||Linux kernel, Software Vulnerabilities, Vulnerability Remedial, Vulnerability Solutions Taxonomy|
|Deposited By:||Serguei Mokhov|
|Deposited On:||30 Sep 2011 15:15|
|Last Modified:||05 Nov 2016 01:42|
Repository Staff Only: item control page