filmov
tv
Thwarting Unknown Bugs: Hardening Features in the Mainline Linux Kernel
Показать описание
Thwarting Unknown Bugs: Hardening Features in the Mainline Linux Kernel - Mark Rutland, ARM
Over the last few years, it has become increasingly apparent that bugs in the Linux kernel are being exploited on deployed systems. Even when these are fixed promptly upstream, the realities of deployment mean that systems and their users can remain vulnerable for long periods afterwards.
In response to this, effort has been placed into kernel hardening: modifying the kernel to reduce the attack surface, making entire classes of attack more difficult if not impossible. A number of hardening features have made it into the mainline Linux kernel, and while not a perfect defence, the use of these features can help to mitigate the impact of bugs not yet fixed or even known about.
This presentation will cover hardening features available in the mainline Linux kernel, what they protect against, and their limitations. Attendees can learn the benefits and trade-offs of these features.
About Mark Rutland
Mark Rutland is a kernel developer at ARM Ltd, based in Cambridge, UK. Mark contributes to the arm and arm64 ports, working on boot infrastructure and firmware interfaces (e.g. ACPI, DT, PSCI, UEFI), working on both the kernel support code and the specifications themselves. Along with others he co-maintains Device Tree bindings and PSCI support.
Over the last few years, it has become increasingly apparent that bugs in the Linux kernel are being exploited on deployed systems. Even when these are fixed promptly upstream, the realities of deployment mean that systems and their users can remain vulnerable for long periods afterwards.
In response to this, effort has been placed into kernel hardening: modifying the kernel to reduce the attack surface, making entire classes of attack more difficult if not impossible. A number of hardening features have made it into the mainline Linux kernel, and while not a perfect defence, the use of these features can help to mitigate the impact of bugs not yet fixed or even known about.
This presentation will cover hardening features available in the mainline Linux kernel, what they protect against, and their limitations. Attendees can learn the benefits and trade-offs of these features.
About Mark Rutland
Mark Rutland is a kernel developer at ARM Ltd, based in Cambridge, UK. Mark contributes to the arm and arm64 ports, working on boot infrastructure and firmware interfaces (e.g. ACPI, DT, PSCI, UEFI), working on both the kernel support code and the specifications themselves. Along with others he co-maintains Device Tree bindings and PSCI support.
Thwarting Unknown Bugs: Hardening Features in the Mainline Linux Kernel
Syzbot and the Tale of Thousand Kernel Bugs - Dmitry Vyukov, Google
Kernel Hardening: Protecting the Protection Mechanisms - Igor Stoppa, Huawei
098 - A too trusty TrustZone and a few Linux Kernel bugs [Binary Exploitation Podcast]
IoT Security: A Hardened Kernel Protects Devices From Attacks
2018 - The spectre of hardware bugs
The IoT botnet wars, Linux devices, and the absence of basic security hardening
Razzer: Finding Kernel Race Bugs through Fuzzing
kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
The State of Kernel Self Protection Project by Kees Cook, Google
0x16b Tracking Linux Kernel bugs in Kernel.org Bugzilla (or Bugzee as we call it in the Industry)
![[ENG] Alexander Popov:](https://i.ytimg.com/vi/oF8K9-8fXMQ/hqdefault.jpg)
[ENG] Alexander Popov: 'How STACKLEAK improves Linux kernel security'
Linux: Detecting/thwarting system modification or use of single user mode (2 Solutions!!)
Does making the kernel harder make making the kernel harder?
Secure Containers Using Kernel Self-Protection
LPC2019 - Touch but don’t look: Running the kernel in execute only memory
#HITB2016AMS D2T2 - Perf: From Profiling To Kernel Exploiting - Wish Wu
'Kernel Hardening for 32-bit Arm Processors' - Keith Packard (LCA 2022 Online)
Kernel Recipes 2017 - The State of Kernel Self-Protection - Kees Cook
Linux Hardening for Home - Part 3
The Lovecraftian Entity Iceberg Explained
Finding Linux Kernel Bugs with Syzkaller: Debugging the Kernel pt2
Flock 2015 - How to get your kernel bugs fixed - Justin Forbes
