Moving Vulnerable Kernel Logic Into User Space
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Programs which run at ring zero are a security risk. Moving code into user space can mitigate this risk. As a demonstration, a simple kernel module with vulnerable logic was used as a control case. This module was capable of targeted data exfiltration from the kernel. It was shown that moving the application logic into user space decreased the severity of the vulnerability. Furthermore, rewriting the user space program in Guile – a very high-level language – removed the vulnerability entirely.
Description
Keywords
Guile, Linux, C, Security, Exfiltration, Module, Kernel, Lisp, Microkernel