LinuxSecuritySummit2010/Abstracts/Spengler Linux

From Linux Security Wiki (obsolete)
(Difference between revisions)
Jump to: navigation, search
(Created page with '== Title == Linux Security in 10 Years == Author == Brad Spengler, grsecurity == Abstract == In the presentation I'll touch on a number of topics ranging from exploitation t…')
 
 
Line 3: Line 3:
 
Linux Security in 10 Years
 
Linux Security in 10 Years
  
== Author ==
+
== Presenter ==
  
 
Brad Spengler, grsecurity
 
Brad Spengler, grsecurity

Latest revision as of 09:55, 15 June 2010

[edit] Title

Linux Security in 10 Years

[edit] Presenter

Brad Spengler, grsecurity

[edit] Abstract

In the presentation I'll touch on a number of topics ranging from exploitation to security model theorizing to prevention. I'll provide a brief discussion of lessons learned from last year's exploit releases, a discussion of the real-life implications of the kernel being in the TCB, a description of what grsecurity is doing right now in terms of kernel self-protection, and an outline of our ultimate goal for kernel self-protection. Current self-protection involves removing classes of bugs from the set of bugs exploitable for privilege escalation, removing information leaks from the kernel that are greatly useful to an attacker, 'constify'-ing function pointers and other targets of interest, removing arbitrary code execution, and hardening allocators and user<->kernel copying routines against integer overflows and heap overflows/infoleaks through efficient methods. Finally, I'll discuss the weaknesses that need to be overcome for concrete self-protection in the kernel against exploitation of memory corruption vulnerabilities.

Personal tools