Configfs
View article
Coccinelle: 10 Years of Automated Evolution in the Linux Kernel Open
International audience
View article
Synthesizing safe and efficient kernel extensions for packet processing Open
Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at spe…
View article
We need kernel interposition over the network dataplane Open
Kernel-bypass networking, which allows applications to circumvent the kernel and interface directly with NIC hardware, is one of the main tools for improving application network performance. However, allowing applications to circumvent the…
View article
Comparing Live Migration between Linux Containers and Kernel Virtual Machine : Investigation study in terms of parameters Open
Context. Virtualization technologies have been extensively used in various cloud platforms. Hardware replacements and maintenance are occasionally required, which leads to business downtime. Live migration is performed to ensure high avail…
View article
Understanding the Security of Linux eBPF Subsystem Open
Linux eBPF allows a userspace application to execute code inside the Linux kernel without modifying the kernel code or inserting a kernel module. An in-kernel eBPF verifier preverifies any untrusted eBPF bytecode before running it in kerne…
View article
K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel Open
The severity of information leak (infoleak for short) in OS kernels cannot be underestimated, and various exploitation techniques have been proposed to achieve infoleak in OS kernels.Among them, memory-error-based infoleak is powerful and …
View article
How to design a library OS for practical containers? Open
Container engines with operating-system virtualization have been widely used and now offer extensions to replace core functionalities that are derived from the host kernel. Because such extensions with an alternate kernel, which is often i…
View article
IskiOS: Lightweight Defense Against Kernel-Level Code-Reuse Attacks Open
Commodity operating systems such as Windows, Linux, and MacOS X form the Trusted Computing Base (TCB) of today’s computing systems. However, since they are written in C and C++, they have memory safety errors and are vulnerable to kernel-l…
View article
DSAC: Effective Static Analysis of Sleep-in-Atomic-Context Bugs in Kernel Modules Open
International audience
View article
Breaking KASLR Using Memory Deduplication in Virtualized Environments Open
Recent operating systems (OSs) have adopted a defense mechanism called kernel page table isolation (KPTI) for protecting the kernel from all attacks that break the kernel address space layout randomization (KASLR) using various side-channe…
View article
Evolution of the Linux kernel Open
Existing research analyzing evolution of the Linux kernel considers the kernel together with loadable modules delivered with it or some specific subsystems of the kernel. The aim of this paper is to evaluate evolution of the kernel without…
View article
EntryBleed: A Universal KASLR Bypass against KPTI on Linux Open
For years, attackers have compromised systems by developing exploits that rely on known locations of kernel code and data segments. KASLR (Kernel Address Space Layout Randomization) is a key mitigation in modern operating systems which ham…
View article
Automata-based modeling of interrupts in the Linux PREEMPT RT kernel Open
This paper presents a methodology to model and check the behavior of a part of the Linux kernel by applying automaton theory and in-kernel tracing from real execution. It is possible to check that the state transitions of the kernel during…
View article
Improving Real Time Performance of Linux System Using RT-Linux Open
The Linux operating system is a general-purpose operating system, and its serious lack of real-time performance limits its development in the embedded field. This paper analyses the current development status of Linux system, and uses RT-L…
View article
Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel Open
Atomic context is an execution state of the Linux kernel in which kernel code monopolizes a CPU core. In this state, the Linux kernel may only perform operations that cannot sleep, as otherwise a system hang or crash may occur. We refer to…
View article
Practical Safe Linux Kernel Extensibility Open
The ability to extend kernel functionality safely has long been a design goal for operating systems. Modern operating systems, such as Linux, are structured for extensibility to enable sharing a single code base among many environments. Un…
View article
An In-depth Analysis of Duplicated Linux Kernel Bug Reports Open
In the past three years, the continuous fuzzing projects Syzkaller and Syzbot have achieved great success in detecting kernel vulnerabilities, finding more kernel bugs than those found in the past 20 years.However, a side effect of continu…
View article
Research of Performance Linux Kernel File Systems Open
The article describes the most common Linux Kernel File Systems. The research was carried out on a personal computer, the characteristics of which are written in the article. The study was performed on a typical workstation running GNU/Lin…
View article
Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism Open
Operating systems adopt kernel protection methods (e.g., mandatory access control, kernel address space layout randomization, control flow integrity, and kernel page table isolation) as essential countermeasures to reduce the likelihood of…
View article
Leveraging relocations in ELF-binaries for Linux kernel version identification Open
Identification of operating system kernel version is essential in a large number of forensic and security applications in both cloud and local environments. Prior state-of-the-art uses complex differential analysis of several aspects of ke…
View article
MPTCP Linux Kernel Congestion Controls Open
MultiPath TCP (MPTCP) is a promising protocol which brings new light to the TCP/IP protocol stack ossification problem by means of an impactful innovation of the transport layer. A MPTCP connection consists of a set of one or more subflows…
View article
Kernel Rootkits Detection Method by Monitoring Branches Using Hardware Features Open
An operating system is an essential piece of software that manages hardware and software resources. Thus, attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when…
View article
Using fault injection for testing Linux kernel components Open
The paper presents methods aimed to extend coverage of existing tests by systematic and targeted fault injection in Linux kernel. The main goal is to test if kernel components correctly handle abnormal situations. As long as such situation…
View article
Managing Big Clones to Ease Evolution: Linux Kernel Example Open
Successful software is often enhanced and adapted to the needs of new users.During evolution, a software system grows in size, becomes more complex, and costly to maintain.In this paper, we point to big clones-large granular duplicated pro…
View article
Fundamental Structure of Linux Kernel based Device Driver and Implementation on Linux Host Machine Open
This paper discussed about Fundamental structure of device driver based on Linux Kernel.Motive of the paper is to implement simple Linux kernel device driver on Linux host machine.Linux kernel fundamental structure Explained from root leve…
View article
HACS: A Hypervisor-Based Access Control Strategy to Protect Security-Critical Kernel Data Open
Rootkits are prevalent in today’s Internet. Using virtual machine monitor (VMM) is an attractive way to deal with rootkits. However, most of the previous studies do not focus on protecting kernel data using VMMs, especially for the data …
View article
Research of File System Capacity for Linux Kernel Open
В статье рассмотрены наиболее распространённые файловые системы ядра Linux. Исследование производилось на типовом персональном компьютере, характеристики которого приведены в статье. На персональном компьютере для проведения замеров скорос…
View article
IskiOS: Intra-kernel Isolation and Security using Memory Protection Keys Open
Operating system (OS) kernels such as Windows, Linux, and MacOS are vulnerable to control-flow hijacking. Defenses exist, but many require efficient intra-address space isolation. For example, execute-only memory requires read protection o…
View article
H-KPP: Hypervisor-Assisted Kernel Patch Protection Open
We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can …
View article
MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel Open
Windows OS kernel memory is one of the main targets of cyber-attacks. By launching such attacks, hackers are succeeding in process privilege escalation and tampering with users data by accessing kernel mode memory. This paper considers a n…