Overview
Explore a comprehensive conference talk on xMP, a novel approach to selective memory protection for both kernel and user space. Delve into the intricacies of memory corruption vulnerabilities and their exploitation by attackers to establish read and write primitives. Learn how xMP leverages virtualization technology to create an effective defense against data-oriented attacks. Discover the implementation of xMP using the Xen altp2m subsystem and its integration with the Linux memory management system. Examine the use of HMACs to protect pointers and ensure integrity validation. Gain insights into practical applications of xMP in protecting page tables, process credentials, and sensitive data in user-space applications. Analyze the evaluation results demonstrating xMP's minimal overhead and effectiveness in real-world scenarios.
Syllabus
Intro
Introduction Motivation: Who watches the data?
Selective Memory Protection (XMP) XMP in a Nutshell
The Xen alternate p2m (altp2m) Subsystem Virtualization Technology Recap
XMP Primitives
Integrating XMP into Linux
Implemented Use Cases Protecting Sensitive Data Structures in Kernel Space
Evaluation
Conclusion
Taught by
IEEE Symposium on Security and Privacy