Overview
Explore a groundbreaking approach to mitigating kernel memory corruption vulnerabilities in this 30-minute conference talk. Dive into SandBox Mode (SBM), a novel execution mode that operates between kernel and user space. Learn how SBM executes potentially buggy code in its own address space, preventing unauthorized writes outside designated memory areas and preserving kernel integrity. Discover the advantages of SBM over existing solutions, including its 100% precision, suitability for production environments, and effectiveness without requiring hypervisors or hardware virtualization support. Understand the current limitations of SBM, such as the need to adapt functions for sandboxing and clearly define accessible data. Examine practical use cases, including parsing user-controlled data like security keys and boot logos. Gain insights into this innovative concept and its enforcement mechanisms, while participating in a discussion aimed at gathering feedback from kernel developers.
Syllabus
SandBox Mode (SBM) - New Execution Mode Between Kernel and User Space - Petr Tesarik, Self-employed
Taught by
Linux Foundation