YoVDO

Kernel Self-Protection Project: Eliminating Bug Classes and Blocking Exploitation Techniques

Offered By: Linux Foundation via YouTube

Tags

Linux Kernel Security Courses Software Development Courses Cybersecurity Courses Vulnerability Management Courses Memory Safety Courses Control-Flow Integrity Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the latest developments in the Kernel Self-Protection Project in this 25-minute conference talk by Kees Cook from Google. Gain insights into the project's efforts to eliminate bug classes and block kernel exploitation techniques. Learn about security defenses implemented in kernels 4.19 through 5.3, including stack and heap auto-initialization, heap mapping robustness, per-task stack canaries, VLA removal, and implicit-fallthrough removal. Discover the progress on upstreaming Control Flow Integrity (CFI) and examine the evolution of kernel CVE lifetimes. Get an overview of ongoing defense developments and areas requiring further assistance. The presentation covers topics such as bugfighting, exploitation methods, memory safety languages, and upcoming features, concluding with a discussion of challenges and a Q&A session.

Syllabus

Intro
Why is this important
Bugfighting
Car analogy
Killing bugs
Killing bug classes
Exploitation methods
Memory safety languages
Kernel Subduction Project
Kernel Updates
Vulnerabilities
Conversions
Bugs
More conversions
Expected for 53
Upcoming features
Challenges
Questions


Taught by

Linux Foundation

Tags

Related Courses

Achieving Linux Kernel Code Execution Through a Malicious USB Device
Black Hat via YouTube LBM - A Security Framework for Peripherals within the Linux Kernel
IEEE via YouTube Kernel Runtime Security Instrumentation
Linux Foundation via YouTube Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019
Linux Foundation via YouTube The Why and How of libseccomp
Linux Foundation via YouTube