A Large-Scale Study on Vulnerabilities in Linux using Vtopia

被引：0

作者：

Shao, Yanjie ^{[1
]}

Wu, Yanjun ^{[1
]}

Yang, Mutian ^{[2
]}

Luo, Tianyue ^{[1
]}

Wu, Jingzheng ^{[1
]}

机构：

[1] Chinese Acad Sci, Inst Software, Beijing, Peoples R China

[2] Beijing ZhongKeWeiLan Technol Co Ltd, Beijing, Peoples R China

来源：

2021 21ST INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C 2021) | 2021年

基金：

中国国家自然科学基金;

关键词：

study; Linux; operating system; security; vulnerabilities; Vtopia;

D O I：

10.1109/QRS-C55045.2021.00157

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

As the controller of software and hardware resources, the operating system is the cornerstone of the normal operation of the entire computer system, and its safety is of utmost importance. Since vulnerabilities are one of the main causes of security problems, in this paper, we choose to study the security of the OS mainly from the perspective of vulnerabilities. To this end, we design a system called Vtopia. By using it, we not only identify and analyze the vulnerabilities of 150 Linux OSes, but also explore the correlation between system security and some other features of Linux. The experiments have yielded many valuable findings. For example, Gentoo system generally has the most vulnerabilities, while illuestar has the least. There is no obvious correlation between the number of software and the number of vulnerabilities in the systems.

引用

页码：1033 / 1042

页数：10

共 50 条

[1] Large-Scale Analysis of Format String Vulnerabilities in Debian Linux
Chen, Karl
Wagner, David
[J]. PLAS'07: PROCEEDINGS OF THE 2007 ACM SIGPLAN WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY, 2007, : 75 - 84
[2] A Large-Scale Study on the Security Vulnerabilities of Cloud Deployments
Iosif, Andrei-Cristian
Gasiba, Tiago Espinha
Zhao, Tiange
Lechner, Ulrike
Pinto-Albuquerque, Maria
[J]. UBIQUITOUS SECURITY, 2022, 1557 : 171 - 188
[3] The Secret Life of Software Vulnerabilities: A Large-Scale Empirical Study
Iannone, Emanuele
Guadagni, Roberta
Ferrucci, Filomena
De Lucia, Andrea
Palomba, Fabio
[J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2023, 49 (01) : 44 - 63
[4] PDGraph: A Large-Scale Empirical Study on Project Dependency of Security Vulnerabilities
Li, Qiang
Song, Jinke
Tan, Dawei
Wang, Haining
Liu, Jiqiang
[J]. 51ST ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN 2021), 2021, : 161 - 173
[5] Performance analysis tools for large-scale linux clusters
Cvetanovic, Z
[J]. 2004 IEEE INTERNATIONAL CONFERENCE ON CLUSTER COMPUTING, 2004, : 361 - 369
[6] Administration tools for managing large-scale Linux cluster
Manabe, A
Kawabata, S
[J]. NUCLEAR INSTRUMENTS & METHODS IN PHYSICS RESEARCH SECTION A-ACCELERATORS SPECTROMETERS DETECTORS AND ASSOCIATED EQUIPMENT, 2003, 502 (2-3): : 475 - 477
[7] Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases
Xiao, Ya
Zhao, Yang
Allen, Nicholas
Keynes, Nathan
Yao, Danfeng Daphne
Cifuentes, Cristina
[J]. DIGITAL THREATS: RESEARCH AND PRACTICE, 2023, 4 (01):
[8] DongTing: A large-scale dataset for anomaly detection of the Linux kernel
Duan, Guoyun
Fu, Yuanzhi
Cai, Minjie
Chen, Hao
Sun, Jianhua
[J]. JOURNAL OF SYSTEMS AND SOFTWARE, 2023, 203
[9] Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security
Zhang, Mengyuan
de Carnavalet, Xavier de Carne
Wang, Lingyu
Ragab, Ahmed
[J]. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2019, 14 (09) : 2315 - 2330
[10] Understanding the Origins of Mobile App Vulnerabilities: A Large-scale Measurement Study of Free and Paid Apps
Watanabe, Takuya
Akiyama, Mitsuaki
Kanei, Funinhiro
Shioji, Eitaro
Takata, Yuta
Sun, Bo
Ishi, Yuta
Shibahara, Toshiki
Yagi, Takeshi
Mori, Tatsuya
[J]. 2017 IEEE/ACM 14TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES (MSR 2017), 2017, : 14 - 24

← 1 2 3 4 5 →