linux research paper

ONE Summit 2024 - April 29 - May 1, San Jose, CA  LEARN MORE

LINUX FOUNDATION RESEARCH

We’re investigating the impact of open source collaboration to solve the world’s most pressing challenges..

About LF Research

Featured research: open source for sustainability.

Linux Foundation Research set out to understand how the open source community has advanced the United Nations' Sustainable Development Goals (SDGs), conducting a comprehensive study of the LF’s diverse portfolio of projects.

Interested in conducting research?

Review our prospectus for more information, and email us at [email protected]

Explore Linux Foundation Research and Publications

Discover the Linux Foundation’s most recent collection of short- and long-form research and publications on open source topics of interest.

2024 State of Tech Talent Report

LF Research and LF Training & Certification partnered again this year to study trends in the technical talent market, surveying individuals responsible for hiring and training IT professionals.

Cloud Native 2023: The Undisputed Infrastructure of Global Technology

Cloud Native Computing Foundation (CNCF)'s Annual Survey represents an important marker in time to understand trends in the cloud native community. CNCF partnered with LF Research once again to develop its 2023 study, measuring adoption, understanding motivations for use and contribution, and forecasting new opportunities.

The State of eBPF

Learn how to make the most of eBPF's offerings and how you can get involved with the project to support its growth and continuous improvement.

Maintainer Perspectives on Open Source Software Security

As we look to build out tooling and practices that increase software security, how do we make sure that these tools empower maintainers, and not add additional burden? This research tackles this question, surveying the practices, challenges, and expectations of maintainers across the open source community.

2023 Open Source Generative AI Survey Report

With the explosion in generative AI, the Linux Foundation wanted to understand how the technology is being adopted at an organization level and the benefits and challenges of an open source solution in comparison to closed source.

Open Source License Compliance

From comprehensive software composition analysis tools to promoting the right development culture, read more about how to effectively address these challenges in the full report!

Hyperledger Foundation 2023 Brand Study

The aim of this project was to measure perceptions of the enterprise-grade blockchain technology market, with a specific focus on Hyperledger technologies’ place in this market.

Standing Together on Shared Challenges: Report on the 2023 Open Source Congress

Read the full report to learn about open source leaders' reflections on priority areas, opportunities, and next steps for the community!

World of Open Source: Japan Spotlight 2023

This report gleans its insight from the 2023 World of Open Source survey data we collected from Japanese respondents, analyzing the region’s specific trends in open source adoption, use, and contributions.

The 2023 State of Open Source in Financial Services

In its third year, the annual FINOS research report analyzes quantitative and qualitative data to understand industry-wide trends in open source adoption, from banking, to asset management, to hedge funds.

World of Open Source: Global Spotlight 2023

This report covers a wide range of opportunities and concerns related to open source around the world, with insights collected from the global survey launched earlier this year. This report incorporates a regional comparison of open source adoption, contribution, value propositions, and sustainability.

A New Direction for the Mobile Industry

This research report, sponsored by Futurewei and in partnership with numerous open source projects, features interviews from subject matter experts to understand the current state of the mobile industry, the challenges this industry faces, and how these challenges could be addressed by open sourcing the mobile technology stack.

World of Open Source: Europe Spotlight 2023

This report covers a range of open source trends, opportunities, and concerns in Europe and provides data-backed conclusions to help the ecosystem unlock even greater value from open source.

The European Public Sector Open Source Opportunity

While the EU increasingly recognizes the value of open source, the public sector is still behind in embracing open source software, with little contribution to the ecosystem and policymaking that inhibits its potential. This report examines the present-day trends, challenges, and opportunities for OSS adoption in this sector.

The 2023 State of OSPOs and OSS Initiatives

Earlier this year, the TODO Group partnered with Linux Foundation Research to run its sixth annual state of the OSPO survey. Survey data was collected from participants in a wide variety of job roles, companies, industries, and geographies, with the goal of capturing a global view of OSPOs.

Open Source for Sustainability

Open source maintainers.

The software that powers so much of our technology infrastructure would not be possible without the individuals who maintain them. To understand more about this group of individuals and to capture their experiences, observations, and success stories, the Linux Foundation interviewed some of the community’s most influential maintainers.

The 2023 State of Open Standards

This report synthesizes findings from a survey that asked LF and survey partner communities about their involvement in standards, the value of and growth in standards, and what challenges they have experienced in this practice.

2023 Energy Transformation Readiness Study

The Linux Foundation Energy set out on a mission to transform the energy sector through open source investment and collaboration. This survey-based research furthers this cause by exploring the adoption of open source technology stacks vital to achieving climate targets.

The Open Source Opportunity for Microgrids

Microgrids are small and independent energy generation and storage systems that connect to traditional utility grids. Linux Foundation Research partnered with Futurewei, LF Energy, and Intentional Futures to research the state of open source in the microgrids market.

2023 State of Tech Talent Report

Linux Foundation Research partnered with LF Training and Certification for its annual talent report, this time from the perspective of hiring managers. An insightful tool for organizations, developers, and hiring managers, this report sheds light on the priorities, challenges, and changes that this year brings to the tech workforce.

Recommended Practices for Hosting and Managing Open Source Projects on GitHub

This report is a reflection on the power of GitHub to manage open source projects. It is based on a compilation of best practices to help developers enhance project engagement, understandability, and organization.

The Business Value of the OSPO

Why are Open Source Program Offices (OSPOs) valuable from a business perspective? This qualitative study takes the reader through different value propositions that OSPO champions can use to connect OSPOs to business objectives, as well as the challenges to expect on an OSPO's journey.

Open Source Innovation as a Potential Lever for Economic Recovery

As the third installment in our World of Open Source series, this report takes a global view of open source, investigating its role in economic recovery across sectors and geographies.

Measuring the Economic Value of Open Source

Professor Henry Chesbrough, a pioneer on the subject of open innovation, conducted a survey to measure the economic value of open source, analyzing where and to what extent companies experience benefits of open source adoption. This report explores the perceived economic benefits of open source software.

Why the World Needs an Open Source Digital Wallet Right Now

The Open Wallet Foundation (OWF) was formed to support the development of wallets that are portable, secure, and that anyone can use. This whitepaper traces the origins of digital wallets, the opportunities and obstacles in this area of development, and where the OWF comes in.

Web3 and Sustainability

The promise of digital asset ownership and transfer through Web3 technologies has been countered with concern for its significant energy consumption. To manage this sustainability issue while still encouraging innovation requires collective action on technology, tracking, and policy. This report summarizes three areas of action.

A Road Map to Improve the Effectiveness and Impact of Enterprise Open Source Development

As open source continues to grow at the enterprise level, there is increasing recognition of the challenges inherent to enterprise open source consumption and contribution. This report covers several practices that enterprises can adopt to effectively participate in open source.

Enabling Global Collaboration: How Open Source Leaders Are Confronting the Challenges of Fragmentation

Today’s open source community is made up of millions of projects and contributors that are as diverse as they are numerous. This report takes an in-depth look at the benefits and costs of this fragmentation from the perspective of open source leaders around the world.

Mentorship in Open Source

Mentorship in Open Source examines the intrinsic, economic, and career value of mentorship programs throughout the technology industry and among open source organizations such as the Linux Foundation.

The 2022 State of Open Source in Financial Services

This report identifies the extent to which the financial services industry is increasingly active in open source. Further, the report highlights the obstacles and challenges to overcome in order to improve industry-wide collaboration and concludes with a set of actionable insights for improving the state of open source in financial services.

Data and Storage Trends 2022

In July 2022, the SODA Foundation, in partnership with Linux Foundation Research, launched a worldwide survey to understand evolving data and storage trends. This report uses survey data to guide end users and vendors on important issues, and helps them be better equipped to make decisions.

WebAssembly (Wasm) for Legal Professionals

WebAssembly is a technology currently gaining traction. This report functions as a starting point for a discussion about what open source license compliance for WebAssembly could look like and its potential for implementation in several ways.

Releasing Internal Code into a New Open Source Project: A Guide for Stakeholders

For companies that plan to open source proprietary code as a standalone open source project, this report is a vital resource, offering an overview of the process and identifying the critical elements that ensure the necessary tasks are properly captured and executed.

CTO Summit Report EU 2022: Resiliency in Multi-Cloud

Multi-Cloud resiliency means avoiding or mitigating an adverse event's impact and being ready for unexpected outcomes. In May 2022, the Linux Foundation and the CNCF hosted the first-ever Chief Technology Officer (CTO) Summit about Multi-Cloud resiliency, and how to achieve it. This report captures the significant findings of the Summit ...

World of Open Source: Europe Spotlight 2022

World of Open Source: Europe Spotlight 2022 explores the “state of open source” across Europe and builds a comprehensive picture by examining the current activity levels through consumption and contribution, inhibitors, motivators, and opportunities.

A Deep Dive into Open Source Program Offices: Structure, Roles, Responsibilities, and Challenges

Open source projects and initiatives provide enterprises with proven, successful models to collaborate with other organizations, create new technologies, and support the development of new communities. Organizations across many industries are establishing Open Source Program Offices (OSPOs) and staffing them with highly skilled individuals to ...

The 10th Annual Open Source Jobs Report

According to 93% of the hiring managers surveyed, open source talent is increasingly difficult to find. As a result, companies are now turning towards training their staff in new cloud automation, orchestration, and developer productivity tools to close that gap as much as possible. This year the Linux Foundation once again teamed up with edX to ...

Addressing Cybersecurity Challenges in Open Source Software

To help improve the state of software supply chain security, new research was conducted in partnership with the Open Source Security Foundation (OpenSSF), Snyk, the Eclipse Foundation, CNCF, and CI/CD Foundation as a means to help focus efforts in programming, incentives, and other resourcing to support the creation of more secure software. This ...

A Guide to Enterprise Open Source

Open source software (OSS) has transformed our world and become the backbone of our digital economy and the foundation of our digital world. Organizations are creating open source program offices (OSPOs) to manage their open source activities, from adopting OSS and compliance with applicable licenses to participating in open standards and ...

The Carbon Footprint of NFTs: Not All Blockchains Are Created Equal

Produced in partnership with Palm NFT Studio and the Hyperledger Foundation, this report lays out key climate-related barriers to NFTs and suggests some concrete strategies for embracing and building on the exciting innovations that NFTs enable. Adopting these strategies may unlock new opportunities for global collaborations and partnerships for ...

Artificial Intelligence and Data in Open Source

Artificial intelligence (AI) is no different from any other technology domain where OSS dominates. As with other industries, OSS adoption in the AI field has increased the use of open source in products and services, contributions to existing projects, the creation of projects fostering collaboration, and the development of new technologies. ...

Paving the Way to Battle Climate Change: How Two Utilities Embraced Open Source to Speed Modernization of the Electric Grid

Paving the Way to Battle Climate Change is a case study of how two large European distribution and transmission systems operators, the Netherlands’ Alliander and France’s RTE, adopted and contributed to three significant LF Energy projects, SEAPATH, CoMPAS, and OpenSTEF so that their electrical substations can become more modular, interoperable, ...

Open Source in Entertainment: How the Academy Software Foundation Creates Shared Value

Open Source in Entertainment: How the Academy Software Foundation Creates Value tells the story of the ASWF; how it came to be, where it came from, what it has achieved so far, and where it aims to go next. It is a story about engineers and leaders who collectively generate value by developing critical open source software that powers much of the ...

Census II of Free and Open Source Software — Application Libraries

Produced in partnership with Harvard Laboratory for Innovation Science (LISH) and the Open Source Security Foundation (OpenSSF), Census II is the second investigation into the widespread use of Free and Open Source Software (FOSS). The Census II effort utilizes data from partner Software Composition Analysis (SCA) companies including Snyk, the ...

The Evolution of the Open Source Program Office (OSPO)

Produced in partnership with the TODO Group, this report provides rich insight, direction, and tools to help implement an OSPO (Open Source Program Office) or an open source initiative within corporate, academic, or public sector environments. Readers will come away with an understanding of OSPO Stages and Archetypes (or personas), which drive ...

The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness

The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness, produced in partnership with SPDX, OpenChain, and OpenSSF, reports on the extent of organizational SBOM readiness and adoption and its significance to improving cybersecurity throughout the open source ecosystem. The study comes on the heels of the US Administration’s ...

Diversity, Equity, and Inclusion in Open Source

The Linux Foundation Report on Diversity, Equity, and Inclusion in Open Source in collaboration with 14 industry partners seeks to understand the demographics and dynamics concerning overall participation in open source communities and identify gaps to be addressed, all as a means to advancing inclusive cultures within open source environments. ...

Data and Storage Trends Report

This report reveals the top data and storage challenges faced by users, storage use trends, vendor product strategies, cloud storage use cases, and the important priorities for enterprises in the next three years and beyond. It was produced in partnership with the SODA Foundation, Cloud Native Computing Foundation, Storage Networking Industry ...

The State of Open Source in Financial Services Report

The first annual report, produced in partnership with FINOS, Scott Logic, Wipro, and GitHub, explores the state of open source in the financial services sector. The report identifies current levels of consumption and contribution of open source software and standards in this industry and the governance, cultural, and aspirational issues pertaining ...

9th Annual Open Source Jobs Report

Produced in partnership with edX, this report provides actionable insights on the state of open source talent that employers can use to inform their hiring, training, and diversity awareness efforts. It also provides IT professionals with clear insight on which skills are most marketable and how training and certification efforts benefit job ...

Hyperledger Brand Study

Over the summer of 2021, Linux Foundation Research undertook an independent survey to explore the state of the enterprise blockchain market and the Hyperledger brand. The research team collected quantitative and qualitative data from a broad community with knowledge of enterprise blockchain covering a range of topics, including familiarity with ...

• Advisory Board

Hilary Carter

SVP Research and Communications

Hilary Carter leads teams dedicated to the development of decision-useful research projects and digital communications that describe open source as a paradigm for mass collaboration at scale. Together, the Research and Communications department broadens the understanding of the impact of open source software, open hardware, open standards, and open data on business, government, and society.

Hilary’s career began in financial services with experiences in corporate finance, research and analysis, and global private banking. Her career pivoted to digital technology, where she focused on mobile communications and digital media consulting. Before joining the Linux Foundation, Hilary led a global, syndicated research institute focused on blockchain technology.

She earned an MSc in Management from the London School of Economics.

Stephen Hendrick

VP of Research

Steve Hendrick is VP of Linux Foundation Research. He has expertise in developing content and services to support product development, product positioning, marketing, business strategy, and messaging. Steve is a subject matter expert in application development and deployment topics, including DevOps, application management, application platforms, and middleware. He has authored comprehensive primary research publications and provided advice and support for some of the world’s most prominent software vendors and Fortune 100 enterprises.

Before joining The Linux Foundation, Steve was a Research Director and Principal Investigator at Enterprise Management Associates (EMA). Steve acquired his experience in application development at Chase Manhattan Bank, Interactive Data Corp, Dynamics Associates, and Charles River Associates. 

Steve received a B.A. in economics from Hartwick College and an M.B.A. from Boston University.

Adrienn Lawson

Data Analyst

Adrienn is a data analyst at the Linux Foundation. She obtained a Master’s degree from the University of Oxford in Social Data Science. She supports LF Research with survey development, analysis, and report writing. Adrienn has previously conducted research at the University of Oxford, the Budapest Institute for Policy Analysis, and the U.K.’s Office for National Statistics.

Anna Hermansen

Research & Ecosystem Manager

Anna is the Ecosystem Manager for LF Research where she supports end-to-end management of the Linux Foundation's research projects. She has conducted qualitative and systematic review research in health data infrastructure and the integration of new technologies to better support data sharing in healthcare. She is a generalist with experience in client services, program delivery, project management, and writing for academic, corporate, and web user audiences. Prior to the Linux Foundation, she worked for two different research programs, the Blockchain Research Institute and BC Cancer's Research Institute.

Lucian Balea

Lucian is Open Source Program Director at RTE, the French power transmission system operator. He is leading the open source strategy of RTE which aims at moving the digitalization of the power grid into a new era. Early 2018, he started a collaboration with The Linux Foundation to launch LF Energy, an open source coalition to speed technological innovation and support the energy transition across the world. Today, Lucian is deeply involved in LF Energy and serves as Chair of the Governing Board.

Lucian has been with RTE since 2003 where he held several management positions in the fields of R&D, markets and finance.

Henry Chesbrough

UC Berkeley

Henry Chesbrough is best known as “the father of Open Innovation”.  He teaches at the Haas School of Business at the University of California-Berkeley, where he is the Faculty Director of the Garwood Center for Corporate Innovation.  He is also Maire Tecnimont Professor of Open Innovation and Sustainability at Luiss University in Rome. Previously he was an Assistant Professor at Harvard Business School.  He holds a PhD from UC Berkeley, and MBA from Stanford, and a BA from Yale University. He has written books such as  Open Innovation   (Harvard Business School Press, 2003),  Open Business Models  (Harvard Business School Press, 2006),  Open Services Innovation  (Jossey-Bass, 2011) and  Open Innovation Results  (Oxford, 2020).  His research has been cited more than 90,000 times, according to Google Scholar. He has been recognized as one of the leading business thinkers by Thinkers50.  He received an Innovation Luminary award from the European Commission in 2014.  He received the Industrial Research Institute Medal of Achievement in 2017, and has two honorary doctorates.

Melissa Evers

Melissa E. Evers is Vice President in the Software and Advanced Technology Group and General Manager of the Strategy to Execution organization at Intel Corporation where she is responsible for a portfolio of transformative software capabilities including Intel’s open source strategy.

Melissa holds a bachelor’s degree in engineering from the University of Texas at Austin and an MBA degree from the university’s McCombs School of Business. An active champion of diversity and inclusion, as well as a certified coach, Melissa frequently coaches leaders across the industry.

Margot Gerritsen

WiDS Worldwide

Stanford Prof [Emerita] Margot Gerritsen is the Executive Director of Women in Data Science Worldwide, a nonprofit she co-founded in 2015. Margot received her MSc from Delft University of Technology in 1990, and her PhD from Stanford University in 1996, both in computational mathematics. After five years as a Lecturer at the University in Auckland, New Zealand, Margot returned to Stanford in 2001 as a faculty member in Energy Science & Engineering. She was the Director of Stanford’s Institute for Mathematical & Computational Engineering from 2010-2018, and Senior Associate Dean in the School of Earth Sciences from 2015-2020. Margot is a Fellow of the Society of Industrial & Applied Mathematics and holds honorary doctorates from Uppsala University and the University of Eindhoven.

Peixin Hou is currently serving as the Chief Architect of Open Software and Systems in the Central Software Institute, Huawei. He has been working in the software industry for over 20 years and has experience in operating systems, mobile software, media processing, and cloud computing.

Peixin started his open source journey in 2000 and is now an active strategist and evangelist in the field. He is involved in defining various key strategies on open source for Huawei and leads the company’s FOSS development in areas such as Linux and containers. He also serves as a board or steering committee member in several open source projects, such as Cloud Native Computing Foundation and Core Infrastructure Initiative. Peixin has also represented Huawei on the board of Linaro.

Peixin received his Ph.D. from the University of Surrey, UK in electronic and electrical engineering.

Jessica Murillo

Jessica Murillo is Vice President, Open Systems Development at IBM. She leads a broad set of software development teams, including the IBM Linux Technology Center, collaborative software development, virtualization, containers, cloud computing, and next generation workload solutions across IBM’s POWER and IBM Z servers. The Open Systems Development organization is a worldwide team that is distributed across Australia, Brazil, China, France, Germany, India, and the United States.

Sachiko Muto

Sachiko Muto is the Chair of OpenForum Europe and a senior researcher at RISE Research Institutes of Sweden. She originally joined OFE in 2007 and served for several years as Director with responsibility for government relations and then as CEO. She has degrees in Political Science from the University of Toronto and the London School of Economics and has been a guest researcher at UC Berkeley and TU Delft.

Daniel Park

Dr. Daniel Park is a head of open source group in Samsung where he is responsible for open source strategy, corporate governance and compliance operation, project development and developer relationship and all kinds of open source stuffs. He has many experiences in terms of global standard and collaboration including W3C advisory board and working group chair, IETF working group chair, OCF vice president and open source work group chair, and currently his experience is being expanded to open source communities. He received his Ph.D from Kyung Hee University in Computer Engineering.

Phil is the Head of Ericsson Software Technology (EST), where he leads a passionate group of engineers developing open source software across a wide range of projects including Linux, OpenStack, Kubernetes, and ONAP among many others.

Prior to Ericsson, Phil was the V.P. of Operations for the Networking Projects at the Linux Foundation including ORAN, ONAP, OpenDaylight, and Anuket. In that role, Phil led a team of technical staff who oversaw community software development based on DevOps and open source best practices. Prior to the Linux Foundation, Phil spent 12 years with Hewlett Packard working on Linux and Open Source starting in 2001. There, Phil formed and led HP’s Open Source Program Office responsible for open source strategy, tools, processes, and investments as HP transitioned from Unix to Linux in the Enterprise Server market.

Maria Roche

Harvard Business School

Maria Roche is an Assistant Professor of Business Administration in the Strategy Unit at Harvard Business School. She teaches Strategy in the MBA required curriculum. Her research focuses on the sourcing, production and diffusion of knowledge, which she examines in various contexts including cities, co-working spaces, universities, and open source platforms. Her work, published at The Review of Economics and Statistics , Organization Science and Research Policy , has been featured, a.o., in The Atlantic , Handelsblatt and the WSJ .

Professor Roche earned her PhD in Management (Strategy and Innovation) at the Scheller College of Business, Georgia Institute of Technology, where she was a recipient of a NSF Science of Science and Innovation Policy Doctoral Dissertation Research Improvement Grant. She earned an MS in Business Administration and a BA in International Cultural and Business Studies at the University of Passau, Germany.

Nithya Ruff

LF Board Chair

Nithya A. Ruff is the Head of the Amazon Open Source Program Office. She drives open source culture and coordination inside of Amazon and engagement with external communities. Open Source has proven to be one of the world’s most prolific enabler of innovation and collaboration, and Amazon’s customers increasingly value open source innovation and the cloud’s role in helping them adopt and run important open source services. Prior to Amazon, she started and grew Comcast and Western Digital’s Open Source Program Offices. Open Source Program Offices are a critical part of a company’s digital transformation and innovation journey and enable the intentional and systematic engagement with open source for companies. 

Nithya has been director-at-large on the Linux Foundation Board for the last 5 years and in 2019 was elected to be Chair of the influential Linux Foundation Board. She works actively to advance the mission of the Linux Foundation around building sustainable ecosystems that are built on open collaboration.

Keiichi Seki

Keiichi Seki is a leading member of the open source program office in NEC Corporation, and is responsible for NEC’s open source strategy. He leads NEC’s developer teams who are actively contributing to open source communities, such as Kubernetes and OpenStack. He also helps encourage people in the NEC group of companies to join and contribute to open source communities. He handles intellectual property issues regarding open source software patents, and has been a technical committee member of the Open Invention Network since 2019.

Mark Shan has a long career and practical experience in cloud-native, microservices, big data, edge computing, and open-source ecosystem. As the chairperson of Tencent Open Source Alliance, he works full of passion to build the ecosystem for Tencent Open Source and makes great efforts to accelerate innovation in technology and product with the open-source way.

At Tencent Cloud, Mark leads the open-source team and works with organizations and communities including Apache Software Foundation, Linux Foundation, Open Atom Foundation, CAICT, COPU and others to build open-source ecosystem. He is also the observer of Linux Foundation Board, chairperson of TARS Foundation, TOC member of Open Atom Foundation and Magnolia Open Source Community, TSC member of Akraino Edge Stack, fellow of China Cloud Native Industry Alliance, advisor of Open Source Community, member of CCF Open Source Committee.

Rick Stevens

Argonne National Laboratory

Rick Stevens is a Professor of Computer Science at the University of Chicago and the Associate Laboratory Director of the Computing, Environment and Life Sciences (CELS) Directorate and Argonne Distinguished Fellow at Argonne National Laboratory. His research spans the computational and computer sciences from high-performance computing architecture to the development of tools and methods for bioinformatics, cancer, infectious disease, and other challenges in science and engineering. Recently, he has focused on developing AI methods for a variety of scientific and biomedical problems, and also has significant responsibility in delivering on the U.S. national initiative for Exascale computing and developing the DOE’s Frontiers in Artificial Intelligence for Science, Security, and Technology (FASST) national initiative.

Stevens is a member of the American Association for the Advancement of Science and has received many national honors for his research, including being named a Fellow of the Association of Computer Machinery (ACM) for his continuing contributions to high-performance computing.

Stephen Walli

Stephen Walli is a principal program manager at Microsoft in the Azure Office of the CTO. Stephen has been a Distinguished Technologist at Hewlett-Packard, technical director at the Outercurve Foundation, founded a start-up, and been a writer and consultant. He's been around open source software for 30+ years. He is governing board chair for the Confidential Computing Consortium, Microsoft board member to the Eclipse Foundation, and an IEEE standards working group chair. Stephen is adjunct faculty at Johns Hopkins University.

Irving Wladawsky-Berger

Dr. Irving Wladawsky-Berger is Visiting Lecturer at MIT’s Sloan School of Management, a Fellow of MIT’s Initiative on the Digital Economy and of MIT Connection Science.

He retired from IBM in May of 2007 after a 37 year career with the company, where his primary focus was on innovation and technical strategy. He’s been an Adviser on Digital Strategy at Citigroup, at HBO, and at MasterCard. He’s been writing a weekly blog,irvingwb.com, since 2005, and was a guest columnist at the Wall Street Journal CIOJournal.

Dr. Wladawsky-Berger received an M.S. and a Ph. D. in physics from the University of Chicago.

Chris Xie serves as the Head of Open Source Strategy at Futurewei, where he leads various strategic open source initiatives. His involvement in diverse open source communities has established him as a knowledgeable and strategic thought leader. Chris plays an active role in several key projects and committees, contributing to organizations like LF Research, LF Energy, Green Software Foundation, OpenSSF, and the Todo Group (OSPO). Earlier in his career, Chris started a software startup company as a Silicon Valley entrepreneur , focusing on decentralized computing. Chris holds patents in network management and distributed systems, reflecting his strong technical expertise. Recognized for his cross-cultural leadership, he has been featured in the San Francisco Chronicle Business News.

Senior Vice President and GM of Projects

Mike Dolan’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing, and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through the use of open source and Linux. At The Linux Foundation, Jim works with the world’s largest technology companies, including IBM, Intel, Google, Samsung, Qualcomm, and others to help define the future of computing on the server, in the cloud, and on a variety of mobile computing devices. His work at the vendor-neutral Linux Foundation gives him a unique and aggregate perspective on the global technology industry. Jim has been recognized for his insights on the changing economics of the technology industry, and he is a regular keynote speaker at industry events. He advises a variety of startups, including Splashtop, and sits on the boards of the Global Economic Symposium, Open Source For America, and Chinese Open Source Promotion Union.

Executive Director

Jim Zemlin’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing, and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through the use of open source and Linux. At The Linux Foundation, Jim works with the world’s largest technology companies, including IBM, Intel, Google, Samsung, Qualcomm, and others to help define the future of computing on the server, in the cloud, and on a variety of mobile computing devices. His work at the vendor-neutral Linux Foundation gives him a unique and aggregate perspective on the global technology industry. Jim has been recognized for his insights on the changing economics of the technology industry, and he is a regular keynote speaker at industry events. He advises a variety of startups, including Splashtop, and sits on the boards of the Global Economic Symposium, Open Source For America, and Chinese Open Source Promotion Union.

Stay Connected with the Linux Foundation

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

•  We're Hiring!
•  Help Center
• Most Cited Papers
• Most Downloaded Papers
• Newest Papers
• Save to Library
• Last »
• Windows Follow Following
• Apple Follow Following
• Multicore Programming Follow Following
• Cluster Follow Following
• Wireless Sensor Networks Follow Following
• Robotics Follow Following
• Embedded Systems Follow Following
• Networking Follow Following
• Open Source Software Follow Following
• Computer Science Follow Following

Enter the email address you signed up with and we'll email you a reset link.

• Academia.edu Publishing
•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

Linux, the Operating System of Choice Research Paper

Introduction, overview the linux operating system, growth trends of linux operating system, linux: why it’s a better choice than windows or mackintosh, reference list.

In recent years, the global marketplace has witnessed an enormous rise in the use of computers and ultimately the software used in them. Computers have principally made their mark in almost all the spheres of mankind (Kirby, 2000), and with this growth the softwares required for them have also grown at an exponential rate (Kumbhar et al., 2011).

With an abundant rise of the computer industry, new software products keep on creeping in the market, adding more capabilities as well as complexities to the assiduous and conscientious end users. Now, more than ever before, customers or end users have a wide range of software options available at their disposal which can be used for their requirements and/or business purposes (Lone & Wani, 2011).

As acknowledged by Kumbhar et al (2011), the development of high quality software has followed two main trajectories, namely open source and closed source softwares. A recent trend in the field of software is the open source genre, and it can rightly be said that the Linux operating system has become the embodiment of this genre (Kirby, 2000). The present paper purposes to argue that Linux has not only emerged as a competitor to both Microsoft Windows and Macintosh operating systems, but is a better choice than the other two.

The history of the Linux operating system can be traced back to 1991 when Linus Torvalds, a student at the University of Finland in Helsinki, decided to develop a UNIX-type operating system called MINIX (McLaren, 2000). Available literature demonstrates that the MINIX platform was initially developed by university student Andrew S. Tannenbaum, but Linus decided to add more functionality into the system than originally proposed by Tannenbaum (Delozier, 2009).

As acknowledged by Balakrishnan (1999), Linus “…released version 0.02 of the operating system in 1991 and worked steadily on till 1994 when he released version 1.0 of the Linux Kernel” (p. 3). Eventually, according to this particular author, more and more programmers around the world came together and decided to give a Portable Operating System Interface for Computer Environments (POSIX) compliant UNIX-like system hinged on the founder’s operating system to global users under the GNU General Public License (GPL).

Technically, according to MacKinnon (1999), “…Linux just refers to the core of the operating system, the so called kernel, which interacts directly with the hardware and supervises the operation of other programs” (P. 2). However, it is imperative to underline the fact that a fully functional Linux system includes many other components, without which the system would not be of much use.

The important fact that makes Linux more appealing than Windows or Mackintosh operating system in this context is that most of these components are entirely non-commercial, and are developed and maintained by thousands of volunteers across the world (Delozier, 2009).

The popularity of Linux, the open source operating system originally developed and launched by Linus Torvalds, has grown noticeably over the past decade, (Delozier, 2009) and even more tenaciously over the past three years (Hong & Rezende, 2011).

While some sources cited in McLaren (2000) now claim that millions of end-users have already installed Linux on their computers, a report released by the International Data Corporation (IDC) and cited in Kirby (2000) point to a “…rapidly increasing usage of the Linux operating environment among a large sampling of organizations” (p. 85).

In 2006, the IDC projected that Linux-based server shipments would reach 25.7% of total shipments by 2008, and that Linux-based packaged software was expected to surpass $14 million the same year (Economides & Katsamakas, 2006).

In 2006 some studies suggested that the market-share of Linux operating system was around 3% though it was largely anticipated to rise to 7% by 2007 (Economides & Katsamakas, 2006).

As acknowledged by these authors, the slow growth of Linux in these formative years was largely “…attributed to lack of ease of use, small variety of applications and problems with drivers that [enabled] users to connect other devices to their computing systems” (p. 210). Many of these challenges have been adequately solved by the open source community, making Linux to become the operating system of choice as we progress deeper into the 21 st century (Hong & Rezende, 2011).

Statistics released in 2011 by the IDC demonstrated that Linux server demand was increasingly growing and represented “…18.4% of all server revenue, up 1.7 points when compared with the fourth quarter of 2010” (Vaughan-Nichols, 2012, para. 2). It is important to note that while the market share for Windows and UNIX-oriented software shrank in 2011, the demand for servers running on Linux open source software grew due to high performance computing (HPC) as well as cloud infrastructure deployments (Vaughan-Nichols, 2012).

Available literature demonstrates that “…with a reputation for speed, reliability, and efficiency, GNU/Linux now has more than 12 million users worldwide and an estimated growth rate of 40% per year” (Lone & Wani, 2011, p. 166). The market threat of Linux to Microsoft’s and Apple’s proprietary software (Windows and Mackintosh) is becoming more evident because more that 50% of Fortune 500 companies has already made the big switch to GNU/Linux (Lone & Wani, 2011).

A strand of existing literature (e.g., Hong & Rezende, 2011; Lone & Wani, 2011) demonstrates that with the recent surge in the use and adoption of Linux operating system by individuals and organizations, it may be just a matter of time before users of Linux eventually outshine those using Microsoft’s and Apple’s proprietary software.

This section attempts to demonstrate why Linux is a better choice than Windows or Mackintosh by analyzing several issues, including: code accessibility; cost concerns; security issues; distrust of monopolies; functionality and features; applications; support availability; as well as ease of use and quality.

Code Accessibility

A predominant attribute of the Linux operating system that differentiates it from Windows, Mackintosh, and other proprietary software is that it is one of the few feasible operating systems whose source code is also easily obtainable as free software under the protocols of the GNU GPL. According to Balakrishnan (1999), “…the GNU GPL is intended to safeguard and guarantee the freedom of any user of free software to share, modify and also share the modified software” (p. 1).

This view is reinforced by Mackinnon (1999), who argue that open-source software such as Linux “…is free in the sense that it can be obtained without payment, and it is free in the sense that users are allowed to modify it, but it is not free in the sense that anyone can do whatever they want with it” (p. 2).

This orientation, according to Balakrishnan (1999), is in sharp contrast to the authorization agreements given for Windows and Mackintosh commercial software that forbids customers or end-users to distribute or adjust the software without seeking express permission from the parent companies.

It can be remembered that “…Apple pioneered the home computer, only to pay the penalty for steadfastly refusing to make its Mackintosh operating system available to users of other PCs” (Daisy, 2004, p. 12). In sharp contrast, Linux software code is freely available online and thus holds the advantage of being entirely customizable to cater for the unique needs and demands of different customers and end-users (Delozier, 2009).

According to Daisy (2004), this is precisely the reason why Linux is increasingly becoming the operating system of choice for government-sponsored institutions within emerging countries like China and India who are also using a Sun Systems package instead of the well known Microsoft Office operating system.

Cost Concerns

As noted by McLaren (2000), “…the most obvious way in which Linux differs from Microsoft Windows is in its price: Linux is free” (p.82). Indeed, Linux and many of its components can be downloaded from hundreds of FTP sites on the internet for free because it was developed, and continues to be developed and fine-tuned, by a huge number of hobbyists and enthusiasts from all over the world (Kumbhar et al., 2011).

The difference in cost between Linux and other proprietary software such as Windows and Mackintosh makes Linux operating system a very serious contender in the home, business, government, and academic domains (McLaren, 2000). The cost consideration seems to put Linux squarely ahead of other operating systems, including Microsoft’s Windows and Apple’s Mackintosh.

Security Issues

Security challenges and risks are hurting windows operating system, thereby giving millions of computer users a reason to migrate to Linux (Schryen, 2011). An independent study cited in Economides & Katsamakas (2006) demonstrates “…that Linux kernel has 0.17security flaws per 1,000 lines of code, compared to average 10-20 flaws of proprietary software” (p. 211).

According to Schryen (2011), the Linux open source software development is credited for preventing extremely bad patching behavior that is repeatedly accused of leading to potentially harmful security vulnerabilities in Windows and Mackintosh operating systems. The way the account privileges are assigned in Linux makes it impossible for users to be given administrator access by default as is the case with Windows (Kumbhar et al., 2011).

In Windows, users have access to everything on the system, making it vulnerable to attacks from viruses and worms. However, due to the incapacity by users to get ‘root’ privileges in a Linux system, the viruses and worms are denied access to critical system resources, implying that only a few user local files and programs are damaged in the event of an attack (Noyes, 2010). This in effect means that Linux has more efficient security features than either Windows or Mackintosh and therefore is a better choice.

Distrust of Monopolies

One of the reasons that continue to draw more customers into the Linux fold is the modicum of distrust associated with Microsoft. As noted by McLaren (2000), Microsoft is viewed by many enlightened software consumers as an undemocratic organization because it has “…too much money, too much control, [and] too much industry influence” (p. 82).

This author bravely contend that monopolies are not good for consumers and Microsoft is a monopoly in the software market due to too much control and too much influence on the industry. In sharp contrast, there is no “corporation” or “influence” behind Linux as it is a grassroots operating system that has the interests of customers and end-user organizations at heart (McLaren, 2000).

Functionality & Features

Theoretically, the fact that Linux is a fully-fledged operating system makes it “…a viable alternative to any other operating systems, including DOS, Windows, UNIX, NetWare, and so on” (McLaren, 2000, p. 82).

Extant literature demonstrates that “…Linux does true multitasking and includes virtual memory, shared libraries, demand loading, memory management, TCP/IP networking and other features that are available with current full featured commercial operating systems” (Balakrishnan, 1999, p. 1).

In multi-tasking, the Linux operating system allows manifold programs to share a computer system that give the end-user the illusion that the programs are running simultaneously either preemptively or cooperatively (Schryen, 2011). Virtual memory, according to Balakrishnan (1999), “…is a scheme employed by the operating system to provide means of executing programs whose code occupy more space than the size of the on-board semiconductor memory” (p. 2).

The Linux operating system is capable of accomplishing this important function by provisionally managing recently used constituents of a program from memory into the system’s hard disk and replicating them back on demand (Delozier, 2009).

When combined with Linux’s low initial purchase price and an ever-increasing number of enterprises willing to provide fee-based technical support for Linux, these two features provide a compelling reason for customers and end-user companies to consider Linux as an effective and efficient alternative to commercial operating systems such as Windows and Macintosh (Kirby, 2000).

Moving on, it is imperative to mention that shared libraries are used with dynamic linking in the Linux open source software not only to distribute commonly used routines but also to achieve efficiency and reliability. As suggested by Balakrishnan (1999), “…each reference to a library routine is replaced with a stub that indicates how the appropriate routine can be located in memory” (p. 2).

A stub primarily executes/implements and substitutes itself with the signature of the suitable library schedule, meaning that the next time round a similar code fragment is triggered the library schedule is executed/implemented directly with no additional outlay of situating the memory-resident sector of the library (Balakrishnan, 1999).

The overall effect of this functionality is that Linux operating system is efficient in optimizing resources and therefore runs faster on slow computers (Kirby 2000). Proprietary software such as Windows has this functionality but is expensive to purchase and heavy on slow computers, ultimately affecting efficient optimization of resources (Loni & Wani, 2011).

Additionally, The Linux operating system has the demand loading functionality, which is basically “…a method of loading only parts of the program that is currently being executed into primary memory (RAM) from secondary memory (disk)” (Balakrishnan, 1999, p. 2). In memory management, the Linux operating system bears the capability to share “…the memory in a computer system among several programs or several programs or several modules of the same program” (Balakrishnan, 1999, p. 2).

Applications

Many computer users all over the world think that the most obvious drawback for Linux operating system must be the sustained lack of software applications that run on the system. However, this belief is further from the truth as “…there are thousands of applications that will run on Linux, and most of these are also free, from Web browsers to word processors to spreadsheets” (McLaren, 2000, p. 83).

The OpenOffice.org, which is an office software suite incorporating word processing, spreadsheet, presentation and drawing applications, runs well on the Linux platform and has inherent advantages when compared to the Windows Microsoft Office package not only because it utilizes XML file formats, but also because it is open source and multiplatform (Wusteman, 2004).

Additionally, while it is often difficult for users to read a document using a previous version of Word software because Microsoft is yet to provide filters on its Web site, the OpenOffice.org appears to have no difficulty in availing filters for all versions of Microsoft’s Word currently in use (Wusteman, 2004). This predisposition, in scope and context, implies that Linux is a better choice than Windows.

Other end-users believe that although Linux is supported by many applications, it is incredibly hard to use these applications and probably this is the sole reason why the operating system is being held back by Microsoft Windows in terms of competition (Karimi & Noori, 2011).

However, as noted by McLaren (2000), “…Linux has a number of GUI shells that can be loaded over the top of the command line interface (just as Windows 98 was loaded over DOS) that will give it a Windows look and feel” (p. 83). Two of the most recognized shells used by Linux, according to this author, include the K Desktop Environment (KDE) and Gnome, not mentioning that Linux has an actual Windows emulator available called WINE.

This view is reinforced by Economides and Katsamakas (2006), who observe that “Linux has been mostly an operating system for power-users who have Unix-like skills but this may change since the open source community is developing several friendly user interfaces such as KDE” (p. 210). These applications, it is argued, make Linux unbelievably easy to use for computer amateurs (Loni & Wani, 2011).

Extant literature demonstrates that Linux operating system has in recent years emerged as a viable competitor to other proprietary operating systems, such as Microsoft Windows, Mackintosh and other commercial implementations of UNIX, primarily due to its solid support systems (Choi et al., 2007), as well as multifaceted functionalities (Delozier, 2009).

Indeed, as postulated by Kirby (2000), “…Linux provides a robust, stable computing environment on a variety of architectures including Intel X86, SPARC, and Alpha” (p. 85). Overall, these capabilities have made it possible for a substantial number of desktop and server applications to be ported to Linux (Kirby, 2000), making it the operating system of choice in the 21 st century.

Support Availability

McLaren (2000) is clear in his analysis of the advantages and disadvantages of Linux that “…it will fail precisely because it does not have the one characteristic that causes so many to hate Microsoft Windows: a huge corporation backing it up” (p. 83).

Microsoft Windows users can escalate challenges discovered at their workstations or mission-critical servers to Microsoft technical support on a 24/7 basis, but it may not be possible for Linux users to receive immediate support to deal with their challenges because the system is developed by a global team of enthusiasts and lobbyists who appear thrillingly uncontrolled and unregulated (Schryen, 2011).

It may take a while for Linux users to get the kind of guarantees of system compatibility and stability provided by Windows and Macintosh operating systems (Apple Computers, Inc., 1997; Daisy, 2004), but this incapacity does not necessarily implies that Linux is simply inoperable due to support hitches (Economides & Katsamakas, 2006).

On the contrary, millions of users across the world are making the switch to Linux operating system due to small startup companies like Red Hat and Caldera that are beginning to get into the support act for Linux for a small fee (McLaren, 2000).

More importantly, according to McLaren (2000), “…is the interest that industry juggernauts like IBM and Hewlett Packard are starting to pay to Linux support” (p. 84). It has been reported in the literature that multinational computer company IBM is investing billions of dollars in Linux operating system and backing its distributors/ suppliers such as Red Hat and Novell (Moranda, 2005).

Available projections indicate that Linux may have a global support platform by 2015 (Delozier, 2009), further demonstrating that it is increasingly becoming the operating system of choice due to a multiplicity of variables that put Windows and Mackintosh operating systems at a distinct disadvantage, such as cost overruns and limitations of use (Hong & Rezende, 2011).

Even so, users must be cautious that it may take a very long duration of time before these companies demonstrate any support capabilities which may be equated to Microsoft’s or Apple’s knowledge base (Weber, 2007).

Ease of Use & Quality

Extant literature demonstrates that Linux is “…far easier to use out of the box than any proprietary version of UNIX, partly because it comes with so many useful programs already installed” (MacKinnon, 1999, p.3).

It is noted in the literature that most of these programs, including the comprehensive GNU tool kit, can be easily downloaded and installed on any adaptation of UNIX but fulfilling this command would generally consume time and effort (Delozier, 2009). Additionally, it is important to note that “…commercial training and support are available for most widely used OSS [open source software] such as Linux and Apache” (Wusteman, 2004, p. 232).

In terms of quality, extant literature demonstrates that the approach used in the development of Linux “…can result in software of higher quality and greater stability than that of many commercial rivals” (Wusteman, 2004, p. 232). Additionally, according to this particular author, the Linux operating system avail a Web site and discussion lists for users and programmers, as well as other documentation which assists to improve the quality attributes of the open source software when compared to either Windows or Mackintosh.

From the ongoing, it is indeed clear that Linux has gained much acceptance from users for a number of reasons. Indeed, the growth of Linux operating system in the global marketplace augurs well when factors such as code accessibility, cost concerns, security issues, functionality and features, as well as applications, ease of use, and quality issues are concerned.

Although Microsoft has evolved to become the dominant force in the computer software sector for almost a generation (Moranda, 2005), a sense of their decimation of the competition in the operating systems sector tends to be the prevailing feeling among mainstream commentators due to the increasing use and adoption of Linux by individuals and organizations across the world.

While Microsoft and Apple face challenges of their own and their dominance even in operating systems business seems not secure, Linux is increasingly becoming popular among users and governmental organizations in the developing world not only due to its low cost solution, but also its efficiency, security and enhanced functionalities.

Indeed, it is now correct to say that Linux has not only emerged as the new threat to Microsoft and Apple in developing markets, but will soon surpass them and become the incumbent operating system of choice.

Apple Computer, Inc. (1997). 75 Mackintosh advantages: Why mackintosh computers are better than PCs running windows . Web.

Barakrishnan, S. (1999). The Linux operating system . Web.

Choi, C. J., Millar, C. J. M., Chu, R. T. J. & Berger, R. (2007). Increasing returns and marketing strategy in the twenty-first century: Nokia versus Microsoft versus Linux. Journal of business & Industrial Marketing, 22 (5), 295-301.

Daisy, L. M. (2004). What does the future hold for Intel, Apple and Microsoft? Big three face new challenges ahead. Strategic Direction, 20 (11), 10-13.

Delozier, E. P. (2009). The GNU/Linux desktop: An open source primer for libraries. OCLC Systems & Services, 25 (1), 35-42.

Economides, N. & Katsamakas, E. (2006). Linux vs. Windows: A comparison of application and platform innovation incentives for open source and proprietary software platforms. Journal of Econometrics 85 (2), 207-217.

Hong, S. H. & Rezende, L. (2011). Lock-in and unobserved preferences in server operating systems: A case of Linux vs. Windows. Journal of Econometrics, 167 (2), 494-503.

Karimi, A. & Noori, A. (2011). Threads in the operating systems. International Journal of Academic Research, 3 (2), 1008-1013.

Kirby, S. (2000). Free to Choose: The real power of Linux. Library Hi Tech, 18 (1), 85-88.

Kumbhar, S.S., Ghotkar, S.N., & Tumma, A.K. (2011). Appraisal and dissemination of open source operating systems and other utilities. Trends in Information Management, 7 (2), 154-162.

Lone, M.I., & Wani, Z.A. (2011). Analysis of operating systems and browsers: A usage metrics. Trends in Information Management, 7 (2), pp. 163-175.

MacKinnon, J. G. (1999). The Linux operating system: Debian GNU/Linux . Web.

McLaren, S. (2000). Linux: A viable alternative or direct mirage? Library Hi Tech, 18 (1), 82-84.

Moranda, M. I. (2005). Microsoft’s fighting future: software giant’s dilemmas and lessons in ring craft. Strategic Direction, 21 (10), 5-8.

Noyes, K. (2010). Why Linux is more secure than Windows . PC World. Web.

Schryen, G. (2011). Is open source security a myth? Communications of the ACM, 54 (5), 130-140.

Vaughan-Nichols, S. (2012). Linux servers keep growing, windows & UNIX keep shrinking . Web.

Weber, R. M. (2007). I (mostly) love my Mac. Journal of Financial Service Professionals, 61 (2), 34-36.

Wusteman, J. (2004). Potentially ridiculous. Library Hi Tech , 22(2), 231-237.

• Chicago (A-D)
• Chicago (N-B)

IvyPanda. (2024, February 15). Linux, the Operating System of Choice. https://ivypanda.com/essays/linux-the-operating-system-of-choice-research-paper/

"Linux, the Operating System of Choice." IvyPanda , 15 Feb. 2024, ivypanda.com/essays/linux-the-operating-system-of-choice-research-paper/.

IvyPanda . (2024) 'Linux, the Operating System of Choice'. 15 February.

IvyPanda . 2024. "Linux, the Operating System of Choice." February 15, 2024. https://ivypanda.com/essays/linux-the-operating-system-of-choice-research-paper/.

1. IvyPanda . "Linux, the Operating System of Choice." February 15, 2024. https://ivypanda.com/essays/linux-the-operating-system-of-choice-research-paper/.

Bibliography

IvyPanda . "Linux, the Operating System of Choice." February 15, 2024. https://ivypanda.com/essays/linux-the-operating-system-of-choice-research-paper/.

• Charles Rennie Mackintosh: Formative Years and Education
• Administering a UNIX User Environment
• Linux OS: Review and Analysis
• How Has the Linux Operating System Made Our Lives Better?
• Investigating Operating System Architecture
• Making Informed User Decisions: Windows v. Linux
• Enhancing Data Security on Corporate Servers
• Comparing Windows With Linux
• History of Linux
• Gender and Racial Issues as Portrayed by P. Mcintosh and S. Farough
• Internet Key Exchange Protocol
• Security Vulnerabilities in Software
• MANETs Security Issues and Solutions
• Dependency on Computers
• Strategy And Controls In Information Security

Analysis of the Linux random number generator

Ieee account.

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

Navigation Menu

Search code, repositories, users, issues, pull requests..., provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

• Notifications

Research paper collection for Linux kernel security from top security conferences.

maxking/linux-security-papers

Folders and files, repository files navigation, list of security papers related to linux kernel, ieee s&p (2009-2016), space traveling across vm: automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection.

This paper presents an alternative methodology for VMI that tries to fix the problem of semantic gap between the operating systems and hypervisor for a more isolation between the OS and monitor. This presents a different mechanism as compared to the tradition system call interposition methods.

https://csdl.computer.org/csdl/proceedings/sp/2012/4681/00/06234438.pdf

Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization

This paper focuses on fixing the ROP vulnerabilities by trying to strip off gadgets from a binary. It does so by randomizing the instructions locally and thus breaking the chains of instructions that can be potentially used to perform an ROP attack, decreasing the probability of the attack by 90%.

https://csdl.computer.org/csdl/proceedings/sp/2012/4681/00/06234439.pdf

Missing the Point(er): On the Effectiveness of Code Pointer Integrity

This paper presents attacks against a recent technique Code Pointer Integrity (CPI) which defends against memory corruption attacks by focusing on safety of code pointers. They present an attack which bypasses the current state of the art mechanisms within 6secc with 13 observed crashes and within 98 hours with no crashes.

http://www.ieee-security.org/TC/SP2015/papers-archived/6949a781.pdf

KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels

Control Flow Integrity is one of the biggest problems in the systems security today. Compromising the control flow means user can perform any action that a Kernel can effectively do by jumping from one point to other in the code. This paper presents a new technique to provide integrity of code flow in OS Kernel, effective preventing the class of attacks called ROP.

https://csdl.computer.org/csdl/proceedings/sp/2014/4686/00/4686a292.pdf

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O

Small and simple (wimpy) vs Large and Complex (giants) work with each other to provide a security architecture where that provides an on-demand isolated I/O for the applications running on wimpy kernel. The size and complexity of the wimpy kernel is small and done so by relying on a un-trusted general purpose operating system for I/O and moving the I/O subsystem and drivers to the userspace.

https://csdl.computer.org/csdl/proceedings/sp/2014/4686/00/4686a308.pdf

Practical Control Flow Integrity & Randomization for Binary Executables

Yet another CFI technique that claims to provide better performance as compared to the previous CFI techniques. CFI collects all the points of indirect-control transfer in one single place and then limits the indirect control flow transfers only through them. Because the indirect control transfers are only supposed to be from this one single place, the verification process for pointers becomes easier and hence the higher performance. It also claims to be compatible with legacy binaries.

http://www.ieee-security.org/TC/SP2013/papers/4977a559.pdf

SoK: Eternal War in Memory

A must read summary paper about the different types of memory corruption attacks, the paths for different attacks based on the types of bugs exploited through a control flow diagram which explains how these attacks use the existing memory corruption bugs of different types. It also talks in depth about the solutions proposed in the past and comments on their usefulness in modern age.

http://dl.acm.org/citation.cfm?id=2498101

CCS (2009-2016)

Aslr-guard: stopping address space leakage for code reuse attacks.

This paper aims to solve the traditional problems with ASLR, information disclosure via memory leaks. It aims to either prevent code pointer leaks or render them useless for actually deriving the address of code points by encoding them. It separates code and data, provides a secure storage for code and data, and encodes the code pointers when treated as data. They claim to offer performance overhead of less than 1% for C/C++ programs.

https://sslab.gtisc.gatech.edu/assets/papers/2015/lu:aslrguard.pdf

Timely Rerandomization for Mitigating Memory Disclosures

This is an interesting idea to extend ASLR to prevent the memory corruption attack by using a simple mechanism. Since, outputs are the chief source of address leakage which renders ASLR useless in traditional scenarios, they re-randomize the address space every time the program gives an output. They add some extra information when compiling the binary to locate code-pointers and re-randomize them at run-time.

http://web.mit.edu/ha22286/www/papers/CCS15_2.pdf

CCFI: Cryptographically Enforced Control Flow Integrity

Another control flow integrity protection mechanism that uses MACs to protect the control flow of the applications. The MAC of the pointer depends on the type of Pointer which classification can happen at runtime (with type casts) or at compile time with static analysis of code. A pointer with same type cannot replace another pointer because of the MAC and also another pointer cannot replace a pointer with different types. Theoretically, it supports over 2^80 types of pointers.

http://dl.acm.org/citation.cfm?id=2813676

Practical Context-Sensitive CFI

A lot of CFI techniques exist today in research but the practicality of CFI is still on the big hurdle in their wide-spread adoption. Solutions often have a battle between performance and security guarantees and a comprise on either one of them makes the solution difficult to use in real world. This paper presents a CFI technique that takes into account the context of the control transfer to effectively increase the security guarantees provided by the traditional context-insensitive CFI techniques. It includes static analysis of code, binary instrumentation and relies on commodity hardware feature to enhance the performance.

http://dl.acm.org/citation.cfm?id=2813673

Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks

This is an interesting paper which claims to find shortcomings in the proposed CFI techniques and evaluates their effectiveness against stack-based memory corruption attacks. Their attacks are specially targetted towards stack corruption and bypassing the CFI techniques, both coarse grained and fine grained. They also present a technique against shadow stack implementation.

https://pdfs.semanticscholar.org/67b0/86caacc543b7d30b2f006f77a315bc9572e0.pdf

Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity

Another paper that exploits the weakness in the fine-grained CFI techniques by mainly focusing on the requirements of the techniques and some common currently available programs. They present proof-of-concept attacks against Apache and Nginx in the presence of a fine gained CFI technique with unlimited tagging and support for a shadow stack.

https://people.csail.mit.edu/stelios/papers/jujutsu_ccs15.pdf

Per-Input Control-Flow Integrity

This paper aims to solve the problem of generating Control Flow Graph for Specific Inputs instead of generic inputs thus implementing a finer-grained CFI. This technique uses a run-time addition of input data-types allowed to run; to prevent attackers to add random edges to the CFG for input types, it compares it against the all-allowable edges which is also extracted by statically analyzing the source code.

http://www.cse.psu.edu/~gxt29/paper/picfi.pdf

A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel

This is a new and innovative concept that claims to solve the problem of poor performance when using hardened kernels. They compile the kernel with some modifications into not one but two kernel, hardened and normal. The process of choosing between them can happen at runtime or by administrator. The un-trusted processes run on the hardened kernel and the other trusted processes run on the normal kernel thus increasing the overall performance as compared to only hardened kernel. They use binary instrumentation techniques and flexiblity of ELF format to have two copy of each function, hardened and normal. They have some checks to keep the hardened control flow within itself by manipulating the code pointers that point to the normal un-hardened functions.

http://dl.acm.org/citation.cfm?id=2660331

Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World

This paper presents a technique to provide security in ARM SoC by leveraging the virtualization for isolation of a security monitoring VM and the normal OS VM. Using different ARMv7 and ARMv8 specific features, they isolate the monitoring VM in such a way that it has full access to the address space of the other VM and can hence host security monitors that verify the run-time integrity of the Operating System in the normal VM. To make sure that the VM cannot bypass the protections, they remove all the memory management related instructions in the kernel and monitor the kernel’s integrity so that any malicious process cannot add them back by loading a malicious module or anything else.

http://dl.acm.org/citation.cfm?id=2660350

You Can Run but You Can’t Read: Preventing Disclosure Exploits in Executable Code

This paper presents a new technique called as XnR, eXecute but not Read, which allows the running of executable portion of the code but does not allow reading the code as data effective preventing memory disclosure attacks. They claim to have 2.2% and 3.4% overheads for Linux and Windows operating systems even with the absence of any hardware support for XnR.

http://dl.acm.org/citation.cfm?id=2660378

DieHarder: Securing the Heap

A new memory allocator design that prevents the heap corruption attacks. This paper talks about the shortcomings of the existing heap allocators in different operating systems today which enable the attacks on heap. It also talks about all the different types of heap based attacks and their countermeasures.

TODO: Compare this with freelist randomization technique that is under discussion right now in the Linux kernel.

https://people.cs.umass.edu/~emery/pubs/ccs03-novark.pdf

Countering kernel rootkits with lightweight hook protection

This paper presents a technique to prevent hook-indirection in Linux kernel by different attacks that redirect the control flow. It assumes that most of the kernel hooks are not dynamic and aren’t changed after initialization. Since modern hardware doesn’t provide memory protections are byte granularity, but at page granularity, they move the hooks to page-aligned addresses and control their write access using the hardware protection mechanisms. It adds a 6% overhead.

http://dl.acm.org/citation.cfm?id=1653728

Secure In-VM Monitoring Using Hardware Virtualization

This paper presents a secure in-vm monitoring by using the hypervisor to isolate the address space of the monitoring program from the rest of the operating system. This improves the performance of the monitor because there is no need to re-create the semantic information like in out-of-VM solutions.

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/sim-ccs09.pdf

Return-Oriented Programming without Returns

https://www.cs.uic.edu/~s/papers/noret_ccs2010/noret_ccs2010.pdf

Breaking Kernel Address Space Layout Randomization with Intel TSX

Timing channel attack against Linux KASLR.

http://dl.acm.org/citation.cfm?id=2978321

Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR

Side channel attacks against SMAP and KASLR.

https://gruss.cc/files/prefetch.pdf

USENIX Security

Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors.

https://www.usenix.org/legacy/event/sec09/tech/full_papers/akritidis.pdf

Cling: A Memory Allocator to Mitigate Dangling Pointers

This paper presents a new memory allocator to defend against use-after-free vulnerabilities. It infers the type information about the pointers by inspecting the call stack and prevent type unsafe address space re-use among pointers of different types.

https://www.usenix.org/legacy/events/sec10/tech/full_papers/Akritidis.pdf

kGuard: Lightweight Kernel Protection against Return-to-User Attacks

This paper presents kGuard as a defense mechanism against ROP attacks which leverage userspace to inject ROP gadget chains in the Kernel. kGuard is a compiler plugin which adds inline guards in the kernel which prevent ret2usr attacks with low performance and memory overheads than the previous works in this area. The size of the kernel grows by 3.5-5.6% but the impact of that on real-life applications is minimal.

https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/kemerlis

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization

This paper claims to present the first fine-grained ASLR technique for modern operating systems. The acknowledge the fact that the assumptions are different when we talk about Kernels as compared to userspace applications. They claim better performance and security than any proposed technique and present a technique called live randomization.

https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/giuffrida

Poking Holes in Information Hiding

This papers aims to break the ASLR in an yet another innovative way proving that ASLR is no longer a valid protection mechanism against memory disclosure attacks. They claim there is no need for complicated side-channel, probing of mapped region to determine the address of the known code regions in the address-space. Instead, they continuously allocate large chunks of memory to determine the holes in the address space and use that to break the ASLR.

https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/oikonomopoulos

What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses

A recent paper proposed the idea of XnR, eXecute but not Read, to protect against JIT-ROP attacks. This paper analyzes the solution presented in that paper and proves that a successful JIT-ROP attack can still be mounter even in the presence of XnR protection. It then proposes a new mechanism that extends XnR to prevent against JIT-ROP attacks.

https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/maisuradze

Trustworthy Whole-System Provenance for the Linux Kernel

Provenance-aware systems track the data objects as it changes and gets used in a system. This could help in Kernel protection mechanisms like taint tracking. This paper talks about the security of such provenance-aware systems and presents a system that can be securely deployed as a Linux Provenance Modules (LPM), a generic framework for Linux.

https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/bates

Automatic Generation of Data-Oriented Exploits

Recently, data-only attacks have gained a lot of attention from researchers. As the code-injection and ROP defenses are being actively worked on, there is little work put into protecting data. There are papers that claim the data only attacks are a real threat today. This paper goes a step ahead and creates an automatic framework to create data-only attacks by leveraging known memory vulnerabilities.

https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/hu

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity

This paper finds limitations in modern fine-grained CFI techniques which have claimed in past to provide tight security, albeit at the cost of performance. However, they rename data-only attacks to a new term called Control-Flow Bending and prove that CFI techniques cannot successfully prevent data-only attacks. They also talk about the usefulness of shadow-stacks in prevention of a majority of such attacks.

https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/carlini

How the ELF Ruined Christmas

This paper talks about the security of ELF executable format and explains how the ability to dynamically determine the location of critical functions can may help in bypassing protection mechanisms like ASLR which aim to prevent memory disclosure attacks which in turn help in attacks like ROP.

https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/di-frederico

ROP is Still Dangerous: Breaking Modern Defenses

This paper claims to bypass previously proposed solutions against ROP attacks, specifically kBouncer and ROPecker by proposing techniques to bypass these protections. They present three new attack models that can bypass most of the proposed defenses against ROP, including CFI techniques.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/carlini

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

Yet another paper that explores the in-effectiveness of the CFI techniques proposed in the past. They analyze the security of all previously proposed coarse-grained CFI techniques. Also, they present new attack primitives that can effectively bypass all the protection mechanism against ROP by slightly modifying the existing attacks.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/davi

Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard

Some defenses for ROP actually make assumptions about the length of the gadget chains that are practically usable to deploy a successful attack. This paper means to analyze on that assumption trying to prove that finding out a reasonable threshold for that length is a difficult problem and can often result either in bypass of large false positives if the length is over or under estimated.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/goktas

Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing

This paper talks about the drawbacks of removing code-sharing by using shared libraries as a preventive measure for ROP attacks. Further, they propose a per-process level memory randomization technique which is safe against JIT-ROP attacks while allowing shared libraries.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/backes

Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data

This paper builds upon the existing attacks which modify the control flow of a program by modifying the control-data , which can be easily detected by mechanisms that looks for changes in such hooks. They instead propose a technique which modifies the transient-data and it gets invoked only a run-time bypassing most of the protection techniques proposed against the control-data attacks.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/vogl

ret2dir: Rethinking Kernel Isolation

This is a novel new technique called return-to-direct-mapped memory which is a variant of the return-to-libc or other ROP style attacks. In this paper, they bypass all the hardware enforced protection mechanism liek PXN, SMEP, SMAP introduced in the recent past. They leverage the direct-mapped memory in Linux kernel which maps the entire userspace into the kernel space and uses some techniques to determine the address of the shell code added in the userspace to perform ROP in kernel space.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/kemerlis

Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM

This paper improves the CFI techniques proposed in the past with impractical assumptions and heuristic techniques which can only work in research environments. They present a fine-grained CFI techniques for modern GCC and LLVM compilers and claim to have significant reduction in overheads caused by previous CFI techniques and are thus more practical.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/tice

Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations

This paper presents a fuzzing mechanism to find buffer overflow vulnerabilities in programs. They utilize static analysis of the source code and taint analysis to determine which parts of the code are likely candidates to host buffer overflow violations. They however focus only the loops which accesses array as the potential points for buffer overflow in the system.

https://www.usenix.org/conference/usenixsecurity13/technical-sessions/papers/haller

Control Flow Integrity for COTS Binaries

This paper presents a new technique to apply CFI to binaries which do not have any debugging information in them, which most of the previous CFI techniques in the past depend on. They claim to be the first one to work on a large shared binary like libc and implement their CFI technique on it.

https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/Zhang

Transparent ROP Exploit Mitigation Using Indirect Branch Tracing

This paper uses indirect branch tracing techniques to prevent ROP attacks in Windows. Based on the observation that ROP attacks have a pattern of jumps and calls in a series, which is not common in programs, they use hardware indirect branch tracking technique to determine if the code running is a malicious ROP attack.

https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/pappas

Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed

This is an interesting paper which aims to solve the problem of VMI by allowing memory access at native speeds. VMI techniques are usually slow because they tend to do memory translations in software as opposed to the VMs which actually use the MMU for translation. Allowing guest memory access at native speeds means the VMI techniques can perform much better now.

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/zhao

Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers

This paper argues for the old technique to prevent dangling pointers by placing them on page boundaries and managing their permissions. They claim that recent techniques with canaries and guard pages are less efficient and secure when compares to the old techniques. Their mechanism doesn’t require the source code the programs, and also hammers down previous known limitations of this scheme.

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/dang

Towards Efficient Heap Overflow Discovery

This paper presents a new mechanism to trace Heap overflow vulnerabilities in binary programs by analyzing heap allocation and heap access operations and performing in-depth offline analysis on the program flow graphs.

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jia

Efficient Protection of Path-Sensitive Control Security

This paper presents yet another variation of the CFI techniques that uses runtime path-sensitive analysis to determine legitimate control transfer targets. They have implemented a execution environment that enforces runtime path-sensitive CFI by using hardware monitoring and runtime point-to analysis.

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/ding

Interesting but unrelated

Thwarting memory disclosure with efficient hypervisor-enforced intra-domain isolation.

http://ipads.se.sjtu.edu.cn/zh/publications/LiuCCS15.pdf

Security by Any Other Name: On the Effectiveness of Provider Based Email Security

http://dl.acm.org/citation.cfm?id=2813607

DeTrust: Defeating Hardware Trust Verification with Stealthy Implicitly-Triggered Hardware Trojans

http://dl.acm.org/citation.cfm?id=2660289

The Last Mile: An Empirical Study of Timing Channels on seL4

http://dl.acm.org/citation.cfm?id=2660294

ASIST: architectural support for instruction set randomization

http://dl.acm.org/citation.cfm?id=2516670

PIkit: A New Kernel-Independent Processor-Interconnect Rootkit

A kernel rootkit that hides itself without attacking the kernel by using the common flaws in modern hardware often used in the public cloud data centers.

https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/song

Tracking Rootkit Footprints with a Practical Memory Analysis System

This paper presents a fast and robust forensic analysis technique that can analyze memory snapshots to find out rootkits.

https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/cui

Capsicum: practical capabilities for UNIX

https://www.usenix.org/legacy/events/sec10/tech/full_papers/Watson.pdf

Q: Exploit Hardening Made Easy

https://www.usenix.org/legacy/events/sec11/tech/full_papers/Schwartz.pdf

The content of this repository are licensed under Apache License 2.0. Please see the [LICENSE](./LICENSE) for more details.