Most systems have a super-user, such as “root” or “administrator”, which is permitted to bypass access controls, disable security features, and interact directly with system hardware. Administrator-level access is generally restricted by the operating system kernel, as well as by authentication mechanisms for the root user. As a result, many systems developers are led to believe that they just need to prevent users or attackers from gaining “root”-level access on the system in order to be secure. Unfortunately, this approach has repeatedly proven insufficient in real-world systems, most recently by the Mirai IoT botnet malware and the 9-year-old kernel vulnerability (CVE-2016-5195).