Explore the current state of the Kernel Self Protection Project in this 46-minute conference talk by Kees Cook from Google. Learn about Linux's defensive technologies, the project's efforts to harden the kernel against attackers, and the importance of protecting Linux as it becomes increasingly prevalent in modern life. Gain insights into the types of threats Linux faces, available protection technologies, and the project's accomplishments over the past year. Discover ongoing efforts, future goals, and various bug classes and exploitation techniques addressed by the project. Understand the challenges faced by the Kernel Self Protection Project, including technical and resource-related issues, and get a glimpse into predictions for Linux kernel version 4.9.
The State of Kernel Self Protection Project
Overview
Syllabus
Status of the Kernel Self Protection Project
Kernel Security
Devices using Linux
Upstream Bug Lifetime
Fighting Bugs
Killing bugs is nice
Killing bug classes is better
Killing exploitation is best
Developers under KSPP umbrella
Bug class: Stack Overflow
Bug class: Integer overlunderflow
Bug class: Heap Overflow
Bug class: format string injection
Bug class: kernel pointer leak
Bug class: uninitialized variables
Exploitation finding the kernel
Exploitation Direct kernel overwrite
Exploitation: function pointer overwrite
Exploitation: userspace execution
Exploitation: userspace data
Exploitation Reused code chunks
Crystal Ball predictions for 4.9
Challenge Culture
Challenge: Technical
Challenge: Resources
Taught by
Linux Foundation
