Explore a 12-minute conference talk from USENIX Security '24 that introduces SeaK, an innovative approach to kernel heap security. Learn how researchers from multiple institutions collaborated to address the predominant heap-based exploitation attacks against the Linux kernel through a novel "atomic alleviation" strategy. Discover why traditional security designs for kernel allocators fall short and how SeaK's flexible approach provides superior heap protection without compromising performance or memory usage. Examine real-world implementation cases that demonstrate SeaK's effectiveness in strengthening heap security while maintaining excellent scalability and stability in production environments.
SeaK - Rethinking the Design of a Secure Allocator for OS Kernel
Overview
Syllabus
USENIX Security '24 - SeaK: Rethinking the Design of a Secure Allocator for OS Kernel
Taught by
USENIX
Related Courses
-
Understanding Page Spray in Linux Kernel Exploitation
-
iOS Kernel Heap Armageddon Revisited
-
Exploiting Android's Hardened Memory Allocator - Security Analysis and Exploitation Techniques
-
Kernel Self-Protection Project: Eliminating Bug Classes and Blocking Exploitation Techniques
-
A New Proposal for Protecting Kernel Data Memory
-
Fast Trapless Kernel Probes Everywhere - USENIX ATC '24
