{"updated":"2025-01-19T10:43:43.291884+00:00","links":{},"created":"2025-01-19T01:31:54.657305+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00231545","sets":["581:11107:11121"]},"path":["11121"],"owner":"44499","recid":"231545","title":["Identification of Vulnerable Kernel Code Using Kernel Tracing Mechanism"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-12-15"},"_buckets":{"deposit":"018bfbe8-6832-440b-9638-d8c478aea9eb"},"_deposit":{"id":"231545","pid":{"type":"depid","value":"231545","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Identification of Vulnerable Kernel Code Using Kernel Tracing Mechanism","author_link":["625169","625168","625171","625170"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Identification of Vulnerable Kernel Code Using Kernel Tracing Mechanism"},{"subitem_title":"Identification of Vulnerable Kernel Code Using Kernel Tracing Mechanism","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:次世代デジタルプラットフォームにおける情報流通を支えるセキュリティとトラスト（推薦論文）] kernel vulnerability, dynamic analysis, system security","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2023-12-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Engineering, Kobe University"},{"subitem_text_value":"Faculty of Natural Science and Technology, Okayama University"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Natural Science and Technology, Okayama University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/231545/files/IPSJ-JNL6412003.pdf","label":"IPSJ-JNL6412003.pdf"},"date":[{"dateType":"Available","dateValue":"2025-12-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6412003.pdf","filesize":[{"value":"1.5 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"5"},{"tax":["include_tax"],"price":"0","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"3c224d7f-0ab8-422a-a497-c108d51d5572","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hiroki, Kuzuno"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshihiro, Yamauchi"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hiroki, Kuzuno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshihiro, Yamauchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Vulnerable kernel code is a threat to an operating system kernel. An adversary's user process can forcefully invoke vulnerable kernel code to cause privilege escalation or denial of service (DoS). Although security engineers belong Computer Security Incident Response Team (CSIRT) and Product Security Incident Response Team (PSIRT) of service providers or security operators have to consider the effect of kernel vulnerability on their system environment when deciding whether or not to update a kernel, the list of vulnerable kernel code is not provided in the Common Vulnerabilities and Exposures (CVE) report In addition, it is difficult to identify the vulnerable kernel code from the exploitation results in the kernel which indicates the account or the kernel suspension information. To identify the details of kernel vulnerability, we propose a vulnerable kernel code tracer (vkTracer), which uses an alternative viewpoint using proof-of-concept (PoC) code to create a profile of kernel vulnerability. vkTracer traces the user process of the PoC code and the running kernel to hook the invocation of the vulnerable kernel code. Moreover, vkTracer extracts the whole kernel component's information using the running and static kernel image and debug section. This ensures that vkTracer identifies the virtual address range and function name of the invoked kernel code from the traced user process; a profile of kernel vulnerability is then created. The evaluation results indicate that vkTracer could trace PoC code execution (e.g., privilege escalation or DoS), identify vulnerable kernel code, and generate a kernel vulnerability profile. Additionally, vkTracer could trace the kernel code of system call invocation regarding CVE information. Furthermore, the implementation of vkTracer reveals that the identification overhead ranges from 5.2683 s to 5.2728 s on the PoC codes and the acceptable system call latency is 3.7197 μs. Moreover, vkTracer represents 0.37% and 0.56% of the dynamic kernel tracing overhead for the web client program access overhead of 100,000 Hypertext Transfer Protocol sessions.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.31(2023) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.31.788\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Vulnerable kernel code is a threat to an operating system kernel. An adversary's user process can forcefully invoke vulnerable kernel code to cause privilege escalation or denial of service (DoS). Although security engineers belong Computer Security Incident Response Team (CSIRT) and Product Security Incident Response Team (PSIRT) of service providers or security operators have to consider the effect of kernel vulnerability on their system environment when deciding whether or not to update a kernel, the list of vulnerable kernel code is not provided in the Common Vulnerabilities and Exposures (CVE) report In addition, it is difficult to identify the vulnerable kernel code from the exploitation results in the kernel which indicates the account or the kernel suspension information. To identify the details of kernel vulnerability, we propose a vulnerable kernel code tracer (vkTracer), which uses an alternative viewpoint using proof-of-concept (PoC) code to create a profile of kernel vulnerability. vkTracer traces the user process of the PoC code and the running kernel to hook the invocation of the vulnerable kernel code. Moreover, vkTracer extracts the whole kernel component's information using the running and static kernel image and debug section. This ensures that vkTracer identifies the virtual address range and function name of the invoked kernel code from the traced user process; a profile of kernel vulnerability is then created. The evaluation results indicate that vkTracer could trace PoC code execution (e.g., privilege escalation or DoS), identify vulnerable kernel code, and generate a kernel vulnerability profile. Additionally, vkTracer could trace the kernel code of system call invocation regarding CVE information. Furthermore, the implementation of vkTracer reveals that the identification overhead ranges from 5.2683 s to 5.2728 s on the PoC codes and the acceptable system call latency is 3.7197 μs. Moreover, vkTracer represents 0.37% and 0.56% of the dynamic kernel tracing overhead for the web client program access overhead of 100,000 Hypertext Transfer Protocol sessions.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.31(2023) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.31.788\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2023-12-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"12","bibliographicVolumeNumber":"64"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":231545}