{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:33:27Z","timestamp":1742913207595,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031757563"},{"type":"electronic","value":"9783031757570"}],"license":[{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75757-0_10","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:03:12Z","timestamp":1729594992000},"page":"190-208","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Lightweight Defense Scheme Against Usermode Helper Privilege Escalation Using Linux Capability"],"prefix":"10.1007","author":[{"given":"Jingzi","family":"Meng","sequence":"first","affiliation":[]},{"given":"Yuewu","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Lingguang","family":"Lei","sequence":"additional","affiliation":[]},{"given":"Chunjing","family":"Kou","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,17]]},"reference":[{"key":"10_CR1","unstructured":"PrivGuard: Protecting Sensitive Kernel Data From Privilege Escalation Attacks | IEEE Journals & Magazine | IEEE Xplore (2018)"},{"key":"10_CR2","doi-asserted-by":"publisher","unstructured":"Akritidis, P., Cadar, C., Raiciu, C., Costa, M., Castro, M.: Preventing memory error exploits with WIT. In: 2008 IEEE Symposium on Security and Privacy (sp 2008), pp. 263\u2013277 (2008). https:\/\/doi.org\/10.1109\/SP.2008.30. iSSN: 2375-1207","DOI":"10.1109\/SP.2008.30"},{"key":"10_CR3","unstructured":"Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity (2006)"},{"key":"10_CR4","doi-asserted-by":"publisher","unstructured":"Chen, Q., Azab, A.M., Ganesh, G., Ning, P.: Privwatcher: non-bypassable monitoring and protection of process credentials from memory corruption attacks. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 167-178. Association for Computing Machinery, New York (2017). https:\/\/doi.org\/10.1145\/3052973.3053029","DOI":"10.1145\/3052973.3053029"},{"key":"10_CR5","unstructured":"CVE-2022-0492 (2022). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-0492"},{"key":"10_CR6","unstructured":"CVE-2022-0847 (2022). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-0847"},{"key":"10_CR7","unstructured":"CVE-2023-0179 (2023). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-0179"},{"key":"10_CR8","unstructured":"Dirty COW Vulnerability (2016). https:\/\/en.wikipedia.org\/wiki\/Dirty_COW"},{"key":"10_CR9","unstructured":"Exploit database (2024). https:\/\/www.exploit-db.com\/"},{"key":"10_CR10","unstructured":"First public implementation of usermode helper in LinuxKit (2017). https:\/\/github.com\/linuxkit\/linuxkit\/blob\/master\/pkg\/init\/usermode-helper.c"},{"key":"10_CR11","doi-asserted-by":"publisher","unstructured":"Hasan, M.M., Ghavamnia, S., Polychronakis, M.: Decap: deprivileging programs by reducing their capabilities. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022, pp. 395\u2013408. Association for Computing Machinery, New York (2022). https:\/\/doi.org\/10.1145\/3545948.3545978","DOI":"10.1145\/3545948.3545978"},{"key":"10_CR12","doi-asserted-by":"publisher","unstructured":"Kang, H., Kim, J., Shin, S.: MiniCon: automatic enforcement of a minimal capability set for security-enhanced containers. In: 2021 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), pp.\u00a01\u20135 (2021). https:\/\/doi.org\/10.1109\/IEMTRONICS52119.2021.9422529","DOI":"10.1109\/IEMTRONICS52119.2021.9422529"},{"key":"10_CR13","doi-asserted-by":"publisher","unstructured":"Kuzuno, H., Yamauchi, T.: KDRM: kernel data relocation mechanism to mitigate privilege escalation attack. In: Li, S., Manulis, M., Miyaji, A. (eds.) Network and System Security, pp. 61\u201376. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-39828-5_4","DOI":"10.1007\/978-3-031-39828-5_4"},{"key":"10_CR14","doi-asserted-by":"publisher","unstructured":"Lee, S., Seo, J., Nam, J., Shin, S.: Poster: TCLP: enforcing least privileges to prevent containers from kernel vulnerabilities. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 2665\u20132667. Association for Computing Machinery, New York (2019). https:\/\/doi.org\/10.1145\/3319535.3363282","DOI":"10.1145\/3319535.3363282"},{"key":"10_CR15","doi-asserted-by":"publisher","unstructured":"Lin, X., Lei, L., Wang, Y., Jing, J., Sun, K., Zhou, Q.: A measurement study on linux container security: attacks and countermeasures. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, pp. 418\u2013429. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3274694.3274720","DOI":"10.1145\/3274694.3274720"},{"key":"10_CR16","unstructured":"Linux kernel exploitation (2024). https:\/\/github.com\/xairy\/linux-kernel-exploitation?tab=readme-ov-file#lpe"},{"key":"10_CR17","unstructured":"Linux kernel (operating system) : Product details, threats and statistics (2024). https:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html?vendor_id=33"},{"key":"10_CR18","unstructured":"LLVM Project (2023). https:\/\/llvm.org\/"},{"key":"10_CR19","doi-asserted-by":"publisher","unstructured":"Maar, L., Schwarzl, M., Rauscher, F., Gruss, D., Mangard, S.: Dope: domain protection enforcement with pks. In: Proceedings of the 39th Annual Computer Security Applications Conference, ACSAC 2023, pp. 662\u2013676. Association for Computing Machinery, New York (2023). https:\/\/doi.org\/10.1145\/3627106.3627113","DOI":"10.1145\/3627106.3627113"},{"key":"10_CR20","doi-asserted-by":"publisher","unstructured":"Proskurin, S., Momeu, M., Ghavamnia, S., Kemerlis, V.P., Polychronakis, M.: xMP: selective memory protection for kernel and user space. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 563\u2013577 (2020). https:\/\/doi.org\/10.1109\/SP40000.2020.00041. iSSN: 2375-1207","DOI":"10.1109\/SP40000.2020.00041"},{"key":"10_CR21","unstructured":"Rostedt, S., Oltmanns, E., Dunlap, R., Morton, A., Kacur, J., Teigland, D.: ftrace - function tracer (2017). https:\/\/www.kernel.org\/doc\/html\/v4.17\/trace\/ftrace.html"},{"key":"10_CR22","unstructured":"Smith, B., Grehan, R., Yager, T., Niemi, D.C., Voellm, A.F.: Byte-unixbench: a unix benchmark suite. Technical report (2011)"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Song, C., Lee, B., Lu, K., Harris, W.R., Kim, T., Lee, W.: Enforcing kernel security invariants with data flow integrity. In: Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA (2016)","DOI":"10.14722\/ndss.2016.23218"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Srivastava, A., Giffin, J.: Efficient protection of kernel data structures via object partitioning. In: Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC 2012, pp. 429\u2013438. Association for Computing Machinery, New York (2012)","DOI":"10.1145\/2420950.2421012"},{"key":"10_CR25","doi-asserted-by":"publisher","unstructured":"Sun, M., Song, Z., Ren, X., Wu, D., Zhang, K.: LiCA: a fine-grained and path-sensitive linux capability analysis framework. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022, pp. 364\u2013379. Association for Computing Machinery, New York (2022). https:\/\/doi.org\/10.1145\/3545948.3545966","DOI":"10.1145\/3545948.3545966"},{"key":"10_CR26","unstructured":"The userspace side of Linux\u2019 CONFIG_STATIC_USERMODEHELPER (2019). https:\/\/github.com\/tych0\/huldufolk\/tree\/master"},{"key":"10_CR27","unstructured":"Wang, Z., Chen, Y., Zeng, Q.: PET: prevent discovered errors from being triggered in the linux kernel. In: 32nd USENIX Security Symposium (USENIX Security 2023), pp. 4193\u20134210. USENIX Association, Anaheim (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/wang-zicheng"},{"key":"10_CR28","doi-asserted-by":"publisher","unstructured":"Wei, L., Zuo, Y., Ding, Y., Dong, P., Huang, C., Gao, Y.: Security identifier randomization: a method to prevent kernel privilege-escalation attacks. In: 2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 838\u2013842 (2016). https:\/\/doi.org\/10.1109\/WAINA.2016.19","DOI":"10.1109\/WAINA.2016.19"},{"issue":"4","key":"10_CR29","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1007\/s10207-020-00514-7","volume":"20","author":"T Yamauchi","year":"2021","unstructured":"Yamauchi, T., Akao, Y., Yoshitani, R., Nakamura, Y., Hashimoto, M.: Additional kernel observer: privilege escalation attack prevention mechanism focusing on system call privilege changes. Int. J. Inf. Secur. 20(4), 461\u2013473 (2021). https:\/\/doi.org\/10.1007\/s10207-020-00514-7","journal-title":"Int. J. Inf. Secur."},{"key":"10_CR30","unstructured":"Zhang, T., Shen, W., Lee, D., Jung, C., Azab, A.M., Wang, R.: PeX: a permission check analysis framework for linux kernel. In: Proceedings of the 28th USENIX Security Symposium, pp. 1205\u20131220 (2019). https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/zhang-tong"},{"key":"10_CR31","doi-asserted-by":"publisher","unstructured":"Zhou, M., et al.: Container privilege escalation and escape detection method based on security-first architecture. In: 2023 IEEE International Conference on High Performance Computing & Communications, Data Science & Systems, Smart City & Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC\/DSS\/SmartCity\/DependSys), pp. 490\u2013498 (2023). https:\/\/doi.org\/10.1109\/HPCC-DSS-SmartCity-DependSys60770.2023.00073","DOI":"10.1109\/HPCC-DSS-SmartCity-DependSys60770.2023.00073"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75757-0_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:05:01Z","timestamp":1729595101000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75757-0_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,17]]},"ISBN":["9783031757563","9783031757570"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75757-0_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,17]]},"assertion":[{"value":"17 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc24.cs.gmu.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}