Google wants to make Linux kernel flaws harder to exploit

Google says it uses Linux in “almost everything” from Chromebooks to the cloud. Now it is increasing its rewards for security researchers who can spot flaws in the open source operating system.

Since 2020, Google has run an open-source, Kubernetes-based Capture-the-Flag (CTF) project called kCTF, which allows researchers to connect to its Google Kubernetes Engine (GKE) instances and try to hack them to capture a flag. Every ‘flag’ caught so far has been a container breakout through a Linux kernel vulnerability.

Now Google has built a set of mitigations it believes will make most of the vulnerabilities and exploits it has received this past year more difficult to exploit. 

Google said it is offering up to $133,337 to hackers who can beat these mitigations.

Now it’s offering an extra $21,000 for new exploits that compromise the latest Linux kernel and another $21,000 for hackers who can “clearly” bypass its experimental exploit mitigations in its custom instance. This brings total rewards up to a maximum of $133,337. 

The kCTF program emphasizes finding new exploits against the kernel rather than new vulnerabilities. Google is keen to develop protections for the Linux kernel, which is used in Android, Chromebooks and Google Cloud workloads.

Google is also now offering $20,000 to $91,337 for new kernel exploits indefinitely after introducing this reward range on a temporary basis in February. 

“Rather than simply learning about the current state of the stable kernels, the new instances will be used to ask the community to help us evaluate the value of both our latest and more experimental security mitigations,” says Google’s Eduardo Vela.

“With the kCTF VRP program, we are building a pipeline to analyze, experiment, measure and build security mitigations to make the Linux kernel as safe as we can with the help of the security community. We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.”
