Detecting Kernel Vulnerabilities During the Development Phase

摘要

Testing is one of the major problems in Linux kernel development cycle. Security analysis and ensuring no new vulnerabilities has been introduced is one of the toughest issues of testing. Kernel developers attempt to find as many security issues as possible before merging with the mainline branch. Failure to detect vulnerabilities will result in vulnerable kernel shipped by distribution and vulnerable systems. The kernel developers can choose between several industrial and open source tools to assist in the development process and shorten the development cycle. (Though not as many as user space developers. Kernel tools are limited and rare compared to user space tools) Some of these tools are used to test the reliability of the kernel and detect kernel vulnerabilities. Unfortunately, these tools are not sufficient! LgDb was introduced in [1], [2] in our previous work. LgDb is a proof-of-concept tool that was presented as an innovative framework for kernel profiling, code coverage and simulations. LgDb runs the inspected kernel on a para virtual environment based on Lguest. Most existing tools limitations stem from the nature of the task. A user space tool cannot inspect the kernel on which it runs on. By using virtualization LgDb eliminates most of the existing tools limitations. As far as the host is concerned LgDb runs as a user process and the need for complex kernel space tools is alleviated. In this work we will present an extension to LgDb in order to detect kernel security vulnerabilities. The vulnerabilities detection process is not automatic. However, LgDb allows the developer test the code during the development, similarly to a debugger. The vulnerabilities types that LgDb addresses are proved to be lacking efficient automatic detection tools and manifested in several kernel vulnerabilities.