Evaluating Kernel Anti-Exploitation Capabilities: A Scalable and General Framework Based on Evaluatology

Published: 01 Jan 2024, Last Modified: 31 Jul 2025, Bench 2024, CC BY-SA 4.0
Abstract: Kernel security is pivotal to overall system security, given the kernel’s complete access to system resources and its operation at the highest privilege level. Despite obtaining high-security certifications, kernels remain vulnerable to exploitation due to underlying vulnerabilities. This paper introduces a scalable and general framework for evaluating the anti-exploitation capability of kernels, drawing upon the principles of evaluatology. Evaluatology defines evaluation as the process of deducing the impact of subjects indirectly within tailored evaluation conditions that meet stakeholders’ needs. Our framework establishes the evaluation conditions and sets the stage for conducting meaningful evaluations. By applying this framework to the Linux kernel, specific exploitation techniques are identified, and a comprehensive evaluation process is conducted. The evaluation culminates in the generation of an Anti-Exploitation Capability Score, offering a quantifiable measure of the kernel’s resilience against exploitation. The proposed framework provides critical insights for security maintenance personnel, developers, and users, guiding effective vulnerability remediation, security enhancements, and informed product selection.