Abstract (in English)
Kernel-level bugs are considered serious software bugs because of their drastic ramifications for the system as a whole. In particular, kernel security bugs, which directly threaten users' privacy and access to system resources, must be patched immediately to prevent intruders from breaking into the system. Experience has shown that even when OS developers respond quickly with a patch, users do not install security updates on time, for a variety of reasons, so their systems remain vulnerable to these bugs for long periods. Previous related work has not solved this problem effectively, either because it was not fast enough or because it was not applicable to widespread use. In addition, the main goal of almost all of it was only to update the kernel and make the update take effect without rebooting the machine. In this dissertation, we propose a kernel-level protection mechanism and implement it for three Linux variants: an Android device, a Raspberry Pi, and a Debian-based desktop computer. The mechanism offers a bug-recognition solution that protects all variants of an operating system against a kernel bug as soon as the details of the bug are published. We studied 32 kernel-level vulnerabilities disclosed in recent years and were able to protect the devices against 29 of these 32 critical vulnerabilities with negligible overhead (less than 1%). Our mechanism is built on a comprehensive and flexible model that can be adapted to many types of operating system. In contrast to previous work, it is neither tied to publishing a new kernel version or patch after a vulnerability is disclosed nor limited to one specific type of operating system.
Our mechanism rests on three principles: first, kernel developers do not need to write a patch and therefore do not need to release a new kernel version; second, applying the changes to the kernel and making them effective does not require restarting the system; and third, no intervention by the user is needed. The results of this study can be used to improve the performance of our mechanism and to extend it to cover a wider spectrum of kernel-level attacks.
Keywords: Operating System, Anomaly, Vulnerability, Linux, Kernel, Security, Defense