YoVDO

Drop the ROP - Fine-Grained Control-Flow Integrity for the Linux Kernel

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Memory Safety Courses, Source Code Analysis Courses, Control-Flow Integrity Courses

Course Description

Overview

Explore a comprehensive Black Hat conference talk on fine-grained Control-Flow Integrity (CFI) for the Linux kernel. Delve into the evolution of kernel-level security measures, from W^X memory policies to the challenges posed by return-oriented programming (ROP). Examine the limitations of existing kernel-level CFI proposals and their struggle to balance security with support for dynamically loadable kernel modules. Follow João Moreira's in-depth analysis of memory safety bugs, control-flow hijacking, and various mitigation techniques. Investigate the intricacies of gadgets, wrap attacks, indirect branches, and control-flow graphs. Learn about fine-grained control-flow issues, the Abadi approach, and the challenges of enforcing CFG and protecting returns. Gain insights into kernel configuration, core graph detaching, and support for assembly code. Conclude with a demonstration and discussion on the proposed guidelines for implementing robust CFI in the Linux kernel.

Syllabus

Introduction
Who am I
Agenda
Memory Safety Bugs
Control-Flow Hijacking
Mitigation
Gadgets
Wrap Attack
Rocks
Indirect Branches
Control-Flow Graph
What could go wrong
Fine-Grained Control-Flow Issues
CaseEfi
Two major problems
Abadi approach
Function pointer
Enforcing the CFG
Protecting returns
Is it safe
The problem
Source code
Kernel configuration
Core graph detaching
Support for assembly code
Parsers
Benchmarks
Proposed Guides
Demo
Conclusions
Discussion


Taught by

Black Hat
