Google plans to make the Kernel Flaws custom through ‘Experimental Mitigations’ that could make it difficult for hackers to breach.
Google says it uses Linux for pretty much everything, from the cloud system to Chromebooks. Now, the company focuses on putting together a team of security researchers so they can identify the flaws within this open-source OS.
Google has been operating a Kubernetes-based, open-source ‘Capture-the-Flag’ (CTF) program called kCTF. This program allows the safety researchers to connect to the Google Kubernetes Engine (GKE), making it easier for them to catch a hacking flag. Every ‘flag’ captured ended up being a security breakout from a vulnerability of the Linux kernel.
Google develops harder-to-exploit restrictions
As a result, Google has designed a set of restrictions that it thinks will make every breach and breakout nearly impossible to exploit. Moreover, Google has announced that it will offer around $133,337 prize to any hacker who can get past these restrictions successfully.
After the reveal, Google increased the offering by adding an extra amount of $21,000 if someone highlights the new kernel exploits instead of the new vulnerabilities. Google seems to be deeply interested in developing security protections for its Linux kernel, used in Google Cloud, Android, and Chromebook.
“With the kCTF VRP program, we are building a pipeline to analyze, experiment, measure and build security mitigations to make the Linux kernel as safe as we can with the help of the security community”, said Eduardo Vela, security researcher from Google’s Product Security Response Team. “We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.”