Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Linux Foundation

SandBox Mode - New Execution Mode Between Kernel and User Space

Linux Foundation via YouTube

Overview

Explore a groundbreaking approach to mitigating kernel memory corruption vulnerabilities in this 30-minute conference talk. Dive into SandBox Mode (SBM), a novel execution mode that operates between kernel and user space. Learn how SBM executes potentially buggy code in its own address space, preventing unauthorized writes outside designated memory areas and preserving kernel integrity. Discover the advantages of SBM over existing solutions, including its 100% precision, suitability for production environments, and effectiveness without requiring hypervisors or hardware virtualization support. Understand the current limitations of SBM, such as the need to adapt functions for sandboxing and clearly define accessible data. Examine practical use cases, including parsing user-controlled data like security keys and boot logos. Gain insights into this innovative concept and its enforcement mechanisms, while participating in a discussion aimed at gathering feedback from kernel developers.

Syllabus

SandBox Mode (SBM) - New Execution Mode Between Kernel and User Space - Petr Tesarik, Self-employed

Taught by

Linux Foundation

Reviews

Start your review of SandBox Mode - New Execution Mode Between Kernel and User Space

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.