Overview
Explore a 12-minute conference talk from USENIX Security '24 that introduces SeaK, an innovative approach to kernel heap security. Learn how researchers from multiple institutions collaborated to address the predominant heap-based exploitation attacks against the Linux kernel through a novel "atomic alleviation" strategy. Discover why traditional security designs for kernel allocators fall short and how SeaK's flexible approach provides superior heap protection without compromising performance or memory usage. Examine real-world implementation cases that demonstrate SeaK's effectiveness in strengthening heap security while maintaining excellent scalability and stability in production environments.
Syllabus
USENIX Security '24 - SeaK: Rethinking the Design of a Secure Allocator for OS Kernel
Taught by
USENIX