The Security War in File Systems: An Empirical Study from A Vulnerability-Centric Perspective
Jinghan Sun, Shaobo Li, Jun Xu, and Jian Huang

TL;DR
This paper systematically analyzes 377 file system vulnerabilities over 20 years from a vulnerability-centric perspective, providing insights into attack surfaces, threats, and mitigation practices to improve future security.
Contribution
It offers a comprehensive characterization of file system vulnerabilities, revealing patterns and practices that can inform better security measures and future development.
Findings
Identified common causes of vulnerabilities
Analyzed exploitation methods and consequences
Provided recommendations for mitigation strategies
Abstract
This paper presents a systematic study on the security of modern file systems, following a vulnerability-centric perspective. Specifically, we collected 377 file system vulnerabilities committed to the CVE database in the past 20 years. We characterize them from four dimensions that include why the vulnerabilities appear, how the vulnerabilities can be exploited, what consequences can arise, and how the vulnerabilities are fixed. This way, we build a deep understanding of the attack surfaces faced by file systems, the threats imposed by the attack surfaces, and the good and bad practices in mitigating the attacks in file systems. We envision that our study will bring insights towards the future development of file systems, the enhancement of file system security, and the relevant vulnerability mitigating solutions.
Taxonomy
Topics: Security and Verification in Computing · Advanced Data Storage Technologies · Cloud Data Security Solutions
