A Systematic Evaluation of OpenBSD's Mitigations
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore a systematic evaluation of OpenBSD's security mitigations in this 53-minute conference talk from the 36th Chaos Communication Congress (36C3). Delve into a comprehensive analysis of OpenBSD's advertised security features, examining their effectiveness, performance impacts, and potential vulnerabilities. Learn about various mitigations such as privilege separation, Unveil, ASLR, RETGUARD, and TCP SYN cookies. Gain insights into the rationale behind these security measures, their origins, and how they compare to implementations in other operating systems. Discover the importance of threat modeling and evidence-based security claims in operating system design. Evaluate OpenBSD's reputation as a secure operating system through a rational and systematic approach, considering factors like complexity, inspectability, and ease of bypass.
Syllabus
Intro
OpenBSD?
Expectations
How do we measure exploit mitigations anyway?
Privilege separation and privilege drop
Example: rootless Xorg
Unveil
Hyperwhat?
Spectre v1, v2 and v3
AS(L)R
Position Independent Code/Executable
Libc/libcrypto symbols randomisation
Library order randomisation
Userland heap management
Rop gadgets removal, but why?
RETGUARD 2018
TCP SYN cookies
Development practices
Conclusion
Taught by
media.ccc.de
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube