Overview
Explore the latest developments in the Kernel Self-Protection Project through this informative conference talk by Kees Cook from Google. Gain insights into security defenses implemented in Linux kernels 4.14 through 4.18, including vmapped stacks, structure randomization, SLUB freelist obfuscation, and more. Learn about the evolution of kernel CVE lifetimes, ongoing defense developments, and areas requiring further attention. Discover the speaker's extensive background in Free Software, his contributions to various projects, and his current focus on Linux kernel security features. Delve into topics such as bug lifetimes, failure modes, bug-fighting strategies, and upcoming features in kernel self-protection.
Syllabus
Intro
Context
What are we protecting
Bug life time
git history
long tail
dirtycow
Bugfighting
Failure modes
Bugs
Killing Bug Classes
Killing Exploitation
Kernel SelfProtection
Kernel Releases
Specter in Meltdown
Refcount Conversions
Internal Systems
Multiplication Overflows
SSB
Coming Features
Challenges
hypervisor
hypervisor magic bullet
questions
GCC plugin support
Taught by
Linux Foundation