TUM Logo

Measuring the Linux Kernel Attack Surface

Measuring the Linux Kernel Attack Surface

Supervisor(s): Felix Wruck, Dr. Michael Weiß
Status: finished
Topic: Linux stuff
Author: Petra Peuker
Submission: 2021-03-15
Type of Thesis: Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


The Linux kernel as the interface between hardware and software plays an important role in computer systems and their security. To quantify the attack surface of this great system, code quality metrics were supposed to be suited for this measurement, although these metrics were not designed for measuring vulnerability. Hence, this thesis aims to answer the question whether these metrics are suitable to measure the vulnerability and thus to measure the attack surface of the Linux kernel.

We consider the system calls that cover a common entry point into the kernel and generate their call graphs. To determine the vulnerability of each system call, we analyzed a vulnerability database and mapped the security flaws to the functions of the system calls. The system calls are also measured with code quality metrics and the strength of the correlation with the vulnerability is identified with the Spearman rank correlation coefficient. This showed a statistically significant and strong correlation between most of the considered code quality metrics and the number of known vulnerabilities up to including kernel versions 4.x. Due to the low discovery rate in the more recent versions, we can only assume a strong correlation for versions 5.x. Finally, these results indicated the suitability of the code quality metrics to measure the attack surface of the Linux kernel up to version 4.x.