Kernel Hardening - Protecting the Protection Mechanisms

Explore kernel hardening techniques and protection mechanisms in this 38-minute conference talk by Igor Stoppa from Huawei. Delve into new features for securing dynamically and statically allocated memory, and learn how to integrate them into popular data structures like lists and hlists. Discover practical examples of protecting critical data such as IMA measurements lists and extending existing data structures to reduce attack surfaces. Gain insights into merging upstream, write protection mechanisms using MMU, hypervisor-enforced memory protection, and performance considerations. Benefit from Stoppa's extensive experience in kernel hardening, system integration, and embedded development across companies like Huawei, Intel, and Nokia.

Introduction
Merging upstream: The quest for an example
Read Only vs Write Rare
Write Protection mechanism: the MMU The MMU works at page level
Hypervisor-enforced memory protection
Side effects of the protection
Example of conversion of a function
Missing functionality
Performance limitation Example: lists
Does it work?