Servers

Analyzing and Improving Linux Kernel Memory Protection: A Model Checking Approach

Download Now Free registration required

Executive Summary

Code injection continues to pose a serious threat to computer systems. Among existing solutions, W+ X is a notable approach to prevent the execution of injected code. In this paper, the authors focus on the Linux kernel memory protection and systematically check for possible W + X violations in the Linux kernel design and implementation. In particular, they have developed a Murphi-based abstract model and used it to discover several serious shortcomings in the current Linux kernel that violate the W + X property. They have confirmed with the Linux community the presence of these problems and accordingly developed five Linux kernel patches. (Four of them are in the process of being integrated into the main-line Linux kernel.)

  • Format: PDF
  • Size: 356.17 KB