Earn Your Business Degree, Tuition-Free, 100% Online!
2,000+ Free Courses with Certificates: Coding, AI, SQL, and More
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn about KernJC, an automated tool for generating vulnerable environments for Linux kernel vulnerabilities in this 32-minute Black Hat conference presentation. Discover how researchers from the National University of Singapore address critical challenges in kernel vulnerability reproduction by developing innovative patch-based and graph-based approaches. Explore the difficulties in establishing effective vulnerable environments, including incorrect vulnerability version claims in online databases and the need for intricate non-default kernel configurations that are often undocumented. Understand how KernJC's patch-based method identifies genuinely vulnerable kernel versions while its graph-based approach determines necessary configurations for activating specific vulnerabilities. Examine the comprehensive evaluation conducted on 66 representative real-world vulnerabilities from the past five years, revealing that 48.5% require non-default configurations and 4 have incorrect version claims in the National Vulnerability Database. Gain insights into the large-scale spurious version detection that identified 128 vulnerabilities with incorrect version claims in NVD, and learn about the tool's open-source release and accompanying dataset designed to foster future research in kernel security.
Syllabus
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
Taught by
Black Hat