Kevin Adameit



Title of the research project: Patching Exposed Variables in the Linux Kernel Core and Drivers

Faculty: Faculty of Informatics (Fakultät für Informatik)

Chair: Chair of IT Security (Lehrstuhl für Sicherheit in der Informatik)

Supervisor: Marius Momeu

Abstract of the research project

The Linux operating system has become increasingly important for both companies and private individuals. For that reason, the secure use of Linux has to be guaranteed at all times. This work examines exposed global variables in the Linux kernel that are writable but are never supposed to be written to. An attacker can potentially write to those instances and thus achieve malicious control flow or data flow. Given the vast Linux kernel code base, automatic approaches need to be considered to find such instances and make them read-only, preventing write access. For that reason, this work introduces a Kernel Patcher script that automatically patches those exposed variables in the Linux kernel's core and driver source code by making them constant and thus read-only. The static analysis tool ICARUS is used to identify the variables that should be patched. The experiment was conducted on Linux kernel version v5.4. Out of 6847 variables, the Kernel Patcher script successfully patched 311 variables in 58:33h. Booting the patched kernel in a virtual machine and running a benchmark validated that the patches did not break functionality. The variables that the script makes read-only can no longer be written to at runtime, and thus the attack surface of the Linux kernel was successfully reduced.