Control Flow Integrity in the Linux Kernel

linux.conf.au via YouTube

Classroom Contents

  1. Intro
  2. Control Flow Integrity (CFI) in the Linux kernel
  3. Attack method: write to kernel code!
  4. What is writable and executable?
  5. Attack method: call into kernel code!
  6. direct function calls
  7. indirect calls: "forward-edge"
  8. function returns: "backward-edge"
  9. What contains writable func ptrs?
  10. What can attacker call? Any executable byte!
  11. CFI: forward-edge protection
  12. Forward-edge protection in Clang
  13. Stock: without Clang CFI
  14. Protected: with Clang CFI
  15. Jump tables and type mangling
  16. Better implementation ideas?
  17. CFI: backward-edge protection
  18. Backward-edge protection in Clang
  19. Gotchas
  20. Upstreaming status
  21. Do it yourself!
  22. What do failures look like?
  23. Thoughts?
