widely used but out of tree
play

Widely Used But Out-Of-Tree Kees Cook (that's pronounced Case) - PowerPoint PPT Presentation

Mar 02, 2024 •782 likes •919 views

Widely Used But Out-Of-Tree Kees Cook (that's pronounced Case) kees.cook@canonical.com Linux Security Summit Boston, Aug 2010 http://people.canonical.com/~kees/slides/out-of-tree.pdf Internal use only 1 Agenda Past

  1. Widely Used But Out-Of-Tree Kees Cook (that's pronounced “Case”) kees.cook@canonical.com Linux Security Summit Boston, Aug 2010 http://people.canonical.com/~kees/slides/out-of-tree.pdf Internal use only 1

  2. Agenda • Past successes/compromises • Current successes • Living outside of mainline • Why isn't it upstream? • Cultural shift for the Linux kernel community Internal use only 2

  3. Past successes/compromises (userspace) • SELinux • ASLR of stack, mmap, exec, brk (x86 mostly) • SECCOMP (x86 mostly) • TOMOYO • SMACK • AT_RANDOM Internal use only 3

  4. Past successes/compromises (kernel) • mmap_min_addr • /dev/mem restrictions (x86 mostly) • CC_STACKPROTECTOR (x86 mostly) Internal use only 4

  5. Current successes • AppArmor – In for 5 years on SUSE, 4 on Ubuntu • Yama Internal use only 5

  6. Living outside of mainline (part 1) symlink/hardlink restrictions, 15 years old • – OpenWall, grsecurity, Ubuntu partial NX emulation, 10 years old • – grsecurity, RedHat/Fedora, SUSE, Ubuntu ASCII-armored addresses, 6 years old • – RedHat/Fedora, SUSE, Ubuntu (partially) PTRACE restrictions, 4 years old? • – grsecurity, Ubuntu Internal use only 6

  7. Living outside of mainline (part 2) fifo, /proc, NPROC, SHM restrictions, 8 years old? • – OpenWall, grsecurity RSBAC, 5 years old? • – Mandriva • mprotect, and a giant list of other things, many via PaX – grsecurity Internal use only 7

  8. Why isn't it upstream? • No one has tried • (Unreasonable) objections Internal use only 8

  9. Objections (part 1) • “this is a hack” – yet majority/many/some distros use it? • “... but at the cost of speed” – why can't this be a choice? Internal use only 9

  10. Objections (part 2) “the perfect is the enemy of the good” • – defense against attack is, like biological systems, a matter of probability – better to have an imperfect heuristic than a missing perfect system – work around changes in userspace semantics (we are, after all, a Free Software community, right?) – “perfect” is absolutely impossible (kernel vulnerabilities frequently undermine all other defense systems) Internal use only 10

  11. Cultural shift for the Linux kernel community • Acknowledge that vulnerabilities are a way of life • Lose the prejudice against optional defense mechanisms • Take responsibility to create a pro-actively secure system Internal use only 11

  12. Thank you for your time kees.cook@canonical.com Internal use only 12

Recommend

B+ tree a dynamic structure that adjusts to changes in the file gracefully. It is the the

B+ tree a dynamic structure that adjusts to changes in the file gracefully. It is the the

B+ tree a dynamic structure that adjusts to changes in the file gracefully. It is the the most widely used structure because it adjusts well to changes and supports both equality and range queries. It is a balanced tree in which the internal

280 views • 12 slides
Tree-sitter @maxbrunsfeld What is Tree-sitter? Why I wrote Tree-sitter What were

Tree-sitter @maxbrunsfeld What is Tree-sitter? Why I wrote Tree-sitter What were

Tree-sitter @maxbrunsfeld What is Tree-sitter? Why I wrote Tree-sitter What were building with Tree-sitter at GitHub Algorithms behind Tree-sitter What is Tree-si tu er? Uniform parsing of di ff erent languages if (a) c();

772 views • 75 slides
Another tree example Phylogenetic tree Patient 1 Plan Clone Phylogeny B C RFTA16 Om1

Another tree example Phylogenetic tree Patient 1 Plan Clone Phylogeny B C RFTA16 Om1

Another tree example Phylogenetic tree Patient 1 Plan Clone Phylogeny B C RFTA16 Om1 Tree ADT A E ROv1 SBwl D G Tree recursion F H I Tree traversal ROv2 SBwlE4 Search and score n Search runtime O(2 ) Pass message

311 views • 9 slides
PLTree A tree programming language Overview Philosophy: Everything is a tree All data structures

PLTree A tree programming language Overview Philosophy: Everything is a tree All data structures

PLTree A tree programming language Overview Philosophy: Everything is a tree All data structures are built on the tree A primitive type is a tree with a single node at the root and no leaves A string is a tree of characters A function is a

370 views • 13 slides
Education Endowment (TREE) Fund TREE Fund is a 501(c)3 nonprofit organization that supports

Education Endowment (TREE) Fund TREE Fund is a 501(c)3 nonprofit organization that supports

Tree Research and Education Endowment (TREE) Fund TREE Fund is a 501(c)3 nonprofit organization that supports scientific discovery and dissemination of new knowledge in arboriculture and urban forestry. TREE Fund Grant Awards TREE Fund has

441 views • 10 slides
Decision Tree Decision Trees A decision tree is a decision support tool that uses a tree-like

Decision Tree Decision Trees A decision tree is a decision support tool that uses a tree-like

Decision Tree Decision Trees A decision tree is a decision support tool that uses a tree-like graph or model of decisions and their possible MSE 2400 EaLiCaRA consequences, including chance event Dr. Tom Way outcomes, resource costs, and

568 views • 8 slides
The R-Tree Yufei Tao ITEE University of Queensland INFS4205/7205, Uni of Queensland The R-Tree

The R-Tree Yufei Tao ITEE University of Queensland INFS4205/7205, Uni of Queensland The R-Tree

The R-Tree Yufei Tao ITEE University of Queensland INFS4205/7205, Uni of Queensland The R-Tree We will study a new structure called the R-tree, which can be thought of as a multi-dimensional extension of the B-tree. The R-tree supports e ffi

1.11k views • 85 slides
Session 12 Tree-based models: tree and rpart Two libraries The tree library is like the

Session 12 Tree-based models: tree and rpart Two libraries The tree library is like the

Session 12 Tree-based models: tree and rpart Two libraries The tree library is like the S-PLUS native library and implements the traditional S-PLUS tree technology The rpart library is due to Beth Atkinson and Terry Therneau of the Mayo

501 views • 28 slides
Are Hybrid Physical Designs Important? 1 B+ tree 2 C O L B+ tree 3 ? C O L C O L B+ tree

Are Hybrid Physical Designs Important? 1 B+ tree 2 C O L B+ tree 3 ? C O L C O L B+ tree

Columnstore and B+ tree Are Hybrid Physical Designs Important? 1 B+ tree 2 C O L B+ tree 3 ? C O L C O L B+ tree B+ tree B+ tree & Columnstore on same table = Hybrid design 4 ? C O L C O L B+ tree B+ tree Are Hybrid

1.09k views • 79 slides
Definitions Binary Search Tree: n Tree: hierarchical structure made of nodes with father-son

Definitions Binary Search Tree: n Tree: hierarchical structure made of nodes with father-son

Advanced Programming Binary Search Tree Binary Search Tree Introduction Binary Search Tree, o BST implement dictionaries or ordered queues elements stored are ordered according to a key Efficient (log n) operations S EARCH , M INIMUM , M

362 views • 32 slides
In prokaryotic cells (which are widely used as host cells in bio- engineering), enzymes are

In prokaryotic cells (which are widely used as host cells in bio- engineering), enzymes are

In prokaryotic cells (which are widely used as host cells in bio- engineering), enzymes are often widely separated among the cytoplasm. Traditional ways to elevate the concentration of substrates and enzymes in the specific area of the

601 views • 49 slides
Learning to Branch Balcan, Dick, Sandholm, Vitercik Introduction Parameter tuning tedious and

Learning to Branch Balcan, Dick, Sandholm, Vitercik Introduction Parameter tuning tedious and

Learning to Branch Balcan, Dick, Sandholm, Vitercik Introduction Parameter tuning tedious and time-consuming Algorithm configuration using Machine Learning Focus on tree search algorithms Branch-and-Bound Tree Search Widely

396 views • 17 slides
Solving Device Tree Issues Use of device tree is mandatory for all new ARM systems. But the

Solving Device Tree Issues Use of device tree is mandatory for all new ARM systems. But the

Solving Device Tree Issues Use of device tree is mandatory for all new ARM systems. But the implementation of device tree has lagged behind the mandate. The first priority has been correct function. Lower priorities include device tree

2.4k views • 183 slides
Eastern Shores (GHOTES) DNA A Family Tree DNA Project Family Tree DNA Family Tree DNA or

Eastern Shores (GHOTES) DNA A Family Tree DNA Project Family Tree DNA Family Tree DNA or

Eastern Shores (GHOTES) DNA A Family Tree DNA Project Family Tree DNA Family Tree DNA or FTDNA is one of the larger DNA testing companies. An alternative to Ancestry.com or AncestryDNA. Your (autosomal) test from another

284 views • 6 slides
CS 764: Topics in Database Management Systems Lecture 9: B-tree Locking Xiangyao Yu 10/5/2020 1

CS 764: Topics in Database Management Systems Lecture 9: B-tree Locking Xiangyao Yu 10/5/2020 1

CS 764: Topics in Database Management Systems Lecture 9: B-tree Locking Xiangyao Yu 10/5/2020 1 Todays Paper: B-tree Locking ACM Trans. Database Syst. 1981 2 Agenda Index in OLTP database B tree, B+ tree, and B* tree B link -tree 3

528 views • 34 slides
1 Widely distributed in the environment plants, soil, animal, water, dirt, dust may be

1 Widely distributed in the environment plants, soil, animal, water, dirt, dust may be

This presentation is the property of Regulatory Essentials Specialists, Inc and can not be used without expressed written permission from RES, Inc Opening remarks Highlight what we will cover and how it will be covered 1 Widely distributed

685 views • 21 slides
Tree Identification Techniques Massachusetts Qualified Tree Warden Course Learning Objectives

Tree Identification Techniques Massachusetts Qualified Tree Warden Course Learning Objectives

Tree Identification Techniques Massachusetts Qualified Tree Warden Course Learning Objectives Recognize why tree ID is important Recognize principles of ID and classification, including binomial nomenclature Identify common tree parts

1.03k views • 79 slides
The Bw-Tree: A B-tree for New Hardware Platforms Author: J. Levandoski et al. B uzz w ord The

The Bw-Tree: A B-tree for New Hardware Platforms Author: J. Levandoski et al. B uzz w ord The

The Bw-Tree: A B-tree for New Hardware Platforms Author: J. Levandoski et al. B uzz w ord The Bw-Tree: A B-tree for New Hardware Platforms DRAM + Flash storage Author: J. Levandoski et al. Hardware Trends Multi-core + large main

588 views • 29 slides
AVL Trees AVL Tree AVL trees are Height of an AVL Tree 4 balanced. 44 Insertion and

AVL Trees AVL Tree AVL trees are Height of an AVL Tree 4 balanced. 44 Insertion and

AVL Trees AVL Tree AVL trees are Height of an AVL Tree 4 balanced. 44 Insertion and restructuring An AVL Tree is a 2 3 Removal and restructuring 17 78 binary search tree Costs 1 2 1 such that for every 32 50 88 internal

294 views • 7 slides
CMSC 206 Introduction to Trees 1 Tree ADT n Tree definition q A tree is a set of nodes

CMSC 206 Introduction to Trees 1 Tree ADT n Tree definition q A tree is a set of nodes

CMSC 206 Introduction to Trees 1 Tree ADT n Tree definition q A tree is a set of nodes which may be empty q If not empty, then there is a distinguished node r , called root and zero or more non-empty subtrees T 1 , T 2 , T k , each

449 views • 29 slides
Why the Junction Tree Algorithm? The Junction Tree Algorithm The JTA is a general-purpose

Why the Junction Tree Algorithm? The Junction Tree Algorithm The JTA is a general-purpose

Why the Junction Tree Algorithm? The Junction Tree Algorithm The JTA is a general-purpose algorithm for computing (conditional) marginals on graphs. It does this by creating a tree of cliques, and carrying out a Chris Williams 1 message-passing

186 views • 7 slides
Computing a tree http://faculty.washington.edu/jht/GS559_2013/ Genome 559: Introduction to

Computing a tree http://faculty.washington.edu/jht/GS559_2013/ Genome 559: Introduction to

Computing a tree http://faculty.washington.edu/jht/GS559_2013/ Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas Defining what a tree means unrooted tree (used when rooted tree (all real trees are

384 views • 19 slides
AVL Trees Section 4.4 39 AVL Tree A balanced tree Ensures log running time for

AVL Trees Section 4.4 39 AVL Tree A balanced tree Ensures log running time for

AVL Trees Section 4.4 39 AVL Tree A balanced tree Ensures log running time for search, insert, and delete A simple and relaxed definition for balance log log : Too restrictive 40 Balanced Tree Height(null) =

415 views • 14 slides
CSE 373: AVL trees Question: is this also an AVL tree? 2 5 6 10 9 8 12 11 13 14 5 AVL

CSE 373: AVL trees Question: is this also an AVL tree? 2 5 6 10 9 8 12 11 13 14 5 AVL

CSE 373: AVL trees Question: is this also an AVL tree? 2 5 6 10 9 8 12 11 13 14 5 AVL tree invariants review 6 4 2 1 4 3 5 8 7 12 10 9 11 13 3 7 Michael Lee Question: is this a valid AVL tree? Friday, Jan 19, 2018 1

371 views • 6 slides

More recommend