Completed
function returns: "backward-edge"
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Control Flow Integrity in the Linux Kernel
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Control Flow Integrity (CFI) in the Linux kernel
- 3 Attack method: write to kernel code!
- 4 What is writable and executable?
- 5 Attack method: call into kernel code!
- 6 direct function calls
- 7 indirect calls: "forward-edge"
- 8 function returns: "backward-edge"
- 9 What contains writable func ptrs?
- 10 What can attacker call? Any executable bytel
- 11 CFI: forward-edge protection
- 12 Forward-edge protection in Clang
- 13 Stock: without Clang CFL
- 14 Protected: with Clang CFI
- 15 Jump tables and type mangling
- 16 Better implementation ideas?
- 17 CFI: backward-edge protection
- 18 Backward-edge protection in Clang
- 19 Gotchas
- 20 Upstreaming status
- 21 Do it yourself!
- 22 What do failures look like?
- 23 Thoughts?