Lessons Learned Applying Compile-time Hardening Options for Security-Critical Programs in Linux
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore compile-time hardening techniques for enhancing security in Linux systems through this 37-minute conference talk presented by ChulWoo Lee from The Affiliated Institute of ETRI. Delve into the importance of compile-time hardening, control flow hijacking, and various mitigation techniques. Gain insights into LLVM SafeStack and Control Flow Integrity (CFI) concepts. Learn how to rebuild security-critical program binaries, including Systemd packages, target packages, services, and setuid/setgid programs, with SafeStack and CFI implementations. Discover valuable lessons learned and practical conclusions for improving the security posture of Linux systems through compile-time hardening options.
Syllabus
Intro
Why Compile-time Hardening is important?
Control Flow Hijacking
Mitigation Techniques
The Concept of LLVM SafeStack
LLVM CFI
Security-Critical Program Binary
Rebuilding with Safestack and CFI
Rebuilding for Systemd Package
Checking security status of Systemd
Rebuilding for Target Packages
Rebuilding for Service
Rebuilding for setuid/setgid
Lessons Leamed
Conclusion
Taught by
Linux Foundation
Tags
Related Courses
Enforcing Unique Code Target Property for Control-Flow IntegrityAssociation for Computing Machinery (ACM) via YouTube Current Status of RISC-V Security Mechanisms - Nick Kossifidis, FORTH
TheIACR via YouTube Two-Faces of WASM Security
Security BSides San Francisco via YouTube Taking Kernel Hardening to the Next Level
Black Hat via YouTube The Power of Data-Oriented Attacks - Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Black Hat via YouTube