the state of kernel self protection
play

The State of Kernel Self Protection Linux Security Summit NA August - PowerPoint PPT Presentation

Apr 25, 2023 •274 likes •431 views

The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada Kees (Case) Cook keescook@chromium.org @kees_cook https://outflux.net/slides/2018/lss/kspp.pdf Kernel Self Protection Project

  1. The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada Kees (“Case”) Cook keescook@chromium.org @kees_cook https://outflux.net/slides/2018/lss/kspp.pdf

  2. Kernel Self Protection Project https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project ● KSPP focuses on the kernel protecting the kernel from attack (e.g. ● refcount overflow) rather than the kernel protecting userspace from attack (e.g. brute force detection) but any area of related development is welcome Currently ~12 organizations and ~10 individuals working on about ● ~20 technologies Slow and steady ●

  3. Upstream Bug Lifetime ● In 2010 Jon Corbet researched security flaws, and found that the average time between introduction and fix was about 5 years. ● My analysis of Ubuntu CVE tracker for the kernel from 2011 through 2018 has now creeped up to 6 years: – Critical: 3 @ 5.3 years – High: 71 @ 5.9 years – Medium: 662 @ 5.9 years – Low: 313 @ 5.9 years

  4. critical & high CVE lifetimes

  5. A year's worth of kernel releases ...

  6. v4.14 ● 3 r conversions (bikeshedding stall) e f c o u n t _ t ● randstruct plugin (automatic mode) ● SLUB freelist pointer obfuscation ● structleak plugin (by-reference mode) ● V , arm64 M A P _ S T A C K ● s removal progress e t _ f s ( ) ● s balance detection, x86, arm64, arm e t _ f s ( )

  7. v4.15 ● 35 r conversions (32 remaining...) e f c o u n t _ t ● PTI, x86 ● retpoline ● s . field removal t r u c t t i m e r _ l i s t d a t a ● fast refcount overflow protection, x86 (also in v4.14 -stable) ● % hashing p

  8. v4.16 ● 12 r conversions (20 more?) e f c o u n t _ t ● PTI, arm64 ● hardened usercopy whitelisting ● C O N F I G _ C C _ S T A C K P R O T E C T O R _ A U T O

  9. v4.17 ● 51 VLAs removed (80 remaining...) ● Clear stack on fork ● More fixes to stack RLIMIT on exec ● M A P _ F I X E D _ N O R E P L A C E ● Unused register clearing on syscall entry, x86 ● Speculative Store Bypass Disable, x86

  10. v4.18 ● 38 VLAs removed (42 remaining...) ● Arithmetic overflow detection helpers ● Allocation overflow detection refactoring ● Speculative Store Bypass Disable, arm64

  11. Expected for v4.19 ● 33 VLAs removed (9 remaining: all in crypto API) ● Shift overflow helpers ● L1TF defenses ● Restrict O for existing files and pipes in / _ C R E A T t m p ● Unused register clearing on syscall entry, arm64 ● Speculative Store Bypass Disable, arm64

  12. Hopefully in v4.20 ● VLAs removed completely, - added W v l a ● stackleak gcc plugin (x86 and arm64)

  13. Various soon and not-so-soon features ● Link-Time Optimization ● Control Flow Integrity ● eXclusive Page Frame Owner ● integer overflow detection ● switch fallthrough marking ● per-task stack canary, non-x86 ● SMAP emulation, x86 ● per-CPU page tables ● brute force detection ● read-only page tables ● write-rarely memory ● {str,mem}cpy alloc size checks ● memory tagging ● hardened slab allocator ● KASLR, arm ● hypervisor magic :)

  14. Challenges Cultural : Conservatism, Responsibility, Sacrifice, Patience Technical : Complexity, Innovation, Collaboration Resources : Dedicated Developers, Reviewers, Testers, Backporters

  15. Thoughts? Kees (“Case”) Cook keescook@chromium.org keescook@google.com kees@outflux.net https://outflux.net/slides/2018/lss/kspp.pdf http://www.openwall.com/lists/kernel-hardening/ http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Recommend

1 Processes and the Kernel The Kernel Processes and the Kernel The Kernel Today, all

1 Processes and the Kernel The Kernel Processes and the Kernel The Kernel Today, all

Memory Protection Memory Protection Paging Virtual memory provides protection by: Each process (user or OS) has different virtual memory space. Machines and Virtualization Machines and Virtualization The OS maintain the page tables

83 views • 5 slides
1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

Processes and the Kernel Processes and the Kernel The kernel sets processes up process in private data data execution Processes, Protection and the Kernel: Processes, Protection and the Kernel: virtual contexts to address

540 views • 9 slides
The State of Kernel Self Protection Linux Conf AU, Sydney Jan 26, 2018 Kees (Case) Cook

The State of Kernel Self Protection Linux Conf AU, Sydney Jan 26, 2018 Kees (Case) Cook

The State of Kernel Self Protection Linux Conf AU, Sydney Jan 26, 2018 Kees (Case) Cook keescook@chromium.org @kees_cook https://outflux.net/slides/2018/lca/kspp.pdf Agenda Background Why we need to change what were doing

695 views • 57 slides
Processes, Protection and the Kernel: Processes, Protection and the Kernel: Mode, Space, and

Processes, Protection and the Kernel: Processes, Protection and the Kernel: Mode, Space, and

Processes, Protection and the Kernel: Processes, Protection and the Kernel: Mode, Space, and Context Mode, Space, and Context Processes and the Kernel Processes and the Kernel The kernel sets processes up process in private data data

614 views • 50 slides
Kernel Self Protection Kernel Summit 2016, Santa Fe Kees (Case) Cook keescook@chromium.org

Kernel Self Protection Kernel Summit 2016, Santa Fe Kees (Case) Cook keescook@chromium.org

Kernel Self Protection Kernel Summit 2016, Santa Fe Kees (Case) Cook keescook@chromium.org @kees_cook http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project http://www.openwall.com/lists/kernel-hardening/

494 views • 21 slides
Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection

Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection

Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection Memory Protection We share memory with Segmentation Fault devices, scheduler Preemption Sometimes no preemption Scheduling

377 views • 25 slides
Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/kr/kspp.pdf Agenda Background Security in the context of this presentation

800 views • 59 slides
Security While protection has been discussed throughout the class kernel vs. user mode,

Security While protection has been discussed throughout the class kernel vs. user mode,

Security While protection has been discussed throughout the class kernel vs. user mode, protected memory, file permissions these mechanisms have generally been focused on protection from accidental misuse (software bugs, novice

463 views • 13 slides
CSCI 350 Ch. 2 The Kernel Abstraction & Protection Mark Redekopp 2 PROCESSES &

CSCI 350 Ch. 2 The Kernel Abstraction & Protection Mark Redekopp 2 PROCESSES &

1 CSCI 350 Ch. 2 The Kernel Abstraction & Protection Mark Redekopp 2 PROCESSES & PROTECTION 3 Processes Program/Process Process 1,2,3, (def 1.) Address Space + Threads 0xffff ffff 1 or more threads Kernel

794 views • 35 slides
The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel Asynchrony Processes Protection Kernel The software component that controls the hardware directly and implements the core privileged OS

934 views • 62 slides
Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from performing illegal I/Os Memory protection Otto J. Anshus Prevent users from modifying kernel code and data (including slides from Kai Li,

350 views • 6 slides
Midterm Review OS Structure User mode/ kernel mode Memory protection, privileged

Midterm Review OS Structure User mode/ kernel mode Memory protection, privileged

Midterm Review OS Structure User mode/ kernel mode Memory protection, privileged instructions System call Definition, examples, how it works? Other concepts to know Monolithic kernel vs. Micro kernel 2 API - System Call -

830 views • 28 slides
DDoS protection Using Netfilter/iptables Jesper Dangaard Brouer Senior Kernel Engineer, Red Hat

DDoS protection Using Netfilter/iptables Jesper Dangaard Brouer Senior Kernel Engineer, Red Hat

DDoS protection Using Netfilter/iptables Jesper Dangaard Brouer Senior Kernel Engineer, Red Hat RMLL Montpellier, July 2014 1/36 Email: brouer@redhat.com / netoptimizer@brouer.com / hawk@kernel.org DDoS protection using Netfilter/iptables

822 views • 38 slides
Kernel Methods Lei Tang Arizona State University Jul. 26th, 2007 Lei Tang Kernel Methods

Kernel Methods Lei Tang Arizona State University Jul. 26th, 2007 Lei Tang Kernel Methods

Kernel Methods Lei Tang Arizona State University Jul. 26th, 2007 Lei Tang Kernel Methods Introduction Linear parametric models for regression and classification. Memory-based methods: Parzen probability density estimation, k-nearest

1.01k views • 63 slides
kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos

kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos

Introduction RX Fine-grained KASLR Evaluation kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos Petsios 1 Angelos D. Keromytis 1 Michalis Polychronakis 2 Vasileios P. Kemerlis 3 1 Columbia

1.18k views • 66 slides
Separation Kernel Protection Profile Revisited: Choices and Rationale Layered Assurance Workshop

Separation Kernel Protection Profile Revisited: Choices and Rationale Layered Assurance Workshop

Separation Kernel Protection Profile Revisited: Choices and Rationale Layered Assurance Workshop 2010 Austin, Texas Timothy Levin, Thuy Nguyen, Cynthia Irvine, Michael McEvilley LAW 2010 Overview Purpose Help users of SKPP understand

383 views • 17 slides
x86 Memory Protection User System Calls Kernel and Translation RCU File System Networking

x86 Memory Protection User System Calls Kernel and Translation RCU File System Networking

8/31/12 Logical Diagram Binary Memory Threads Formats Allocators x86 Memory Protection User System Calls Kernel and Translation RCU File System Networking Sync Todays Lecture Don Porter (focus on CSE 506 Memory Device

576 views • 9 slides
Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees

Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees

Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2016/lss/kspp.pdf Agenda Background Security in the context of this

464 views • 42 slides
Protection Disclaimer: some slides are adopted from book authors slides with permission 1

Protection Disclaimer: some slides are adopted from book authors slides with permission 1

Protection Disclaimer: some slides are adopted from book authors slides with permission 1 Examples of OS Protection Memory protection Between user processes Between user and kernel File protection Prevent unauthorized

783 views • 39 slides
Protection Disclaimer: some slides are adopted from book authors slides with permission 1

Protection Disclaimer: some slides are adopted from book authors slides with permission 1

Protection Disclaimer: some slides are adopted from book authors slides with permission 1 Today Protection Security 2 Examples of OS Protection Memory protection Between user processes Between user and kernel File

953 views • 51 slides
The State of New Jerseys Shore Protection Program State of New Jersey Chris Christie,

The State of New Jerseys Shore Protection Program State of New Jersey Chris Christie,

The State of New Jerseys Shore Protection Program State of New Jersey Chris Christie, Governor Dept. of Environmental Protection Bob Martin, Commissioner Engineering & Construction Dave Rosenblatt, Assistant Commissioner Division of

210 views • 7 slides
Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/lss/kspp.pdf Agenda Background Security in the context of

652 views • 52 slides
Cross ring data move 1. Segmentation based protection breaks 2. Kernel level actual data move

Cross ring data move 1. Segmentation based protection breaks 2. Kernel level actual data move

Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Cross ring data move 1. Segmentation based protection breaks 2. Kernel level actual data move facilities 3. Enhanced

359 views • 24 slides
Countering Kernel Rootkits with Lightweight Hook Protection Michal Sekletar College of

Countering Kernel Rootkits with Lightweight Hook Protection Michal Sekletar College of

Countering Kernel Rootkits with Lightweight Hook Protection Michal Sekletar College of Engineering and Computer Science Orlando, FL April 2, 2012 Michal Sekletar (University of Central Florida) April 2, 2012 1 / 14 Acknowledgment

177 views • 14 slides

More recommend