Summary: a collection of papers, articles and other materials on kernel security.
Continuously updated.
(1) 2015-CCS: From Collision to Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
(2) 2017-NDSS: Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying (note)
(3) 2018-USENIX: FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities (note)
(4) 2019-USENIX: KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities (note)
(5) 2019-CCS: SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel (note)
(1) 2014-Black Hat: QSEE TrustZone Kernel Integer Overflow
(2) 2014-USENIX: SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration
(3) 2016-USENIX: UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
(4) 2017-USENIX: CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems
(5) 2017-CCS: DIFUZE: Interface Aware Fuzzing for Kernel Drivers (note)
(6) 2017-USENIX: Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities (note)
(7) 2017-USENIX: How Double-Fetch Situations turn into Double-Fetch
(8) 2017-USENIX: DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
(9) 2017-USENIX: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels (note)
(10) 2018-S&P: DEADLINE: Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels (note)
(11) 2018-CCS: Check It Again: Detecting Lacking-Recheck Bugs in OS Kernels (note)
(12) 2018-USENIX: MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation (note)
(13) 2019-S&P: LBM: A Security Framework for Peripherals within the Linux Kernel
(14) 2019-S&P: Razzer: Finding Kernel Race Bugs through Fuzzing (note)
(15) 2019-WOOT: Unicorefuzz: On the Viability of Emulation for Kernelspace Fuzzing
(16) 2019-FSE: Detecting Concurrency Memory Corruption Vulnerabilities
(17) 2019-S&P: Fuzzing File Systems via Two-Dimensional Input Space Exploration (note)
(18) 2019-USENIX: Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences
(19) 2019-NDSS: PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary (note)
2017-USENIX: CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory
2017-USENIX: Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers
2019-USENIX: PeX: A Permission Check Analysis Framework for Linux Kernel
2019-USENIX: ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
2019-USENIX: SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomization
- A First Look at Linux Kernel Exploitation (1): Environment Setup
- A First Look at Linux Kernel Exploitation (2): demo-null_dereference
- A First Look at Linux Kernel Exploitation (3): demo-stack_overflow
- [Linux Kernel Exploitation] Qiangwang Cup (QWB) 2018 core: stack overflow
- [Linux Kernel Exploitation] CISCN 2017 babydriver: UAF vulnerability
- [Linux Kernel Exploitation] 0CTF 2018 baby: double fetch
- [Linux Kernel Exploitation] Qiangwang Cup (QWB) 2018 solid_core: arbitrary read/write
- [Linux Kernel Exploitation] StringIPC: three methods from arbitrary read/write to privilege escalation
- [Linux Kernel Exploitation] STARCTF 2019 hackme: summary of the call_usermodehelper privilege-escalation path variables
- [Linux Kernel Exploitation] WCTF 2018 klist: race-condition UAF and pipe heap spraying
- [Linux Kernel Exploitation] TokyoWesterns CTF 2019 gnote: double fetch
- [Using userfaultfd in the Linux kernel] Balsn CTF 2019 KrazyNote
- Linux kernel privilege escalation tutorial series (1): heap spraying with sendmsg and msgsnd
- Linux kernel privilege escalation tutorial series (2): four methods from arbitrary address read/write to privilege escalation
- Linux kernel privilege escalation tutorial series (3): uninitialized stack variable vulnerabilities
- Analysis of the Linux kernel 4.20 BPF integer overflow vulnerability
- [CVE-2017-16995] Analysis of the Linux eBPF integer-extension privilege escalation vulnerability
- [CVE-2017-7184] Analysis of the Linux xfrm out-of-bounds read/write privilege escalation vulnerability