YoVDO

A Hybrid Alias Analysis Framework for Protecting the Linux Kernel

Offered By: Linux Foundation via YouTube

Tags

Linux Kernel Security Courses

Course Description

Overview

Explore a groundbreaking hybrid alias analysis framework designed to enhance Linux kernel security in this 36-minute conference talk. Delve into the challenges of implementing access control mechanisms like 'ro_after_init' and software-fault-isolation (SFI) in the Linux kernel. Discover how this innovative approach combines classical data-flow-based and type-based methods to address issues of soundness, scalability, and precision. Learn about the framework's ability to formally tackle various kernel features, including container_of() and undefined pointer arithmetic. Examine the practical impact of this hybrid analysis, which identified over 5000 Linux kernel global variables as 'ro_after_init' protectable, marking a tenfold increase compared to manual developer labels over six years. Understand how this work enhances access control rules, enabling existing mechanisms to prevent all global-variable-related kernel exploits, effectively thwarting 13 out of 37 exploits recorded in recent years.

Syllabus

A Hybrid Alias Analysis Framework and Its Application to Protecting the Linux Kernel - Guoren Li


Taught by

Linux Foundation

Related Courses

Achieving Linux Kernel Code Execution Through a Malicious USB Device
Black Hat via YouTube
LBM - A Security Framework for Peripherals within the Linux Kernel
IEEE via YouTube
Kernel Runtime Security Instrumentation
Linux Foundation via YouTube
Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019
Linux Foundation via YouTube
The Why and How of libseccomp
Linux Foundation via YouTube