MPK/PKS Linux Kernel Compartmentalization
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the design and implementation of a new kernel hardening strategy that compartmentalizes the Linux kernel using Intel Protection Keys for Supervisor (PKS) in this 50-minute conference talk. Delve into the importance of kernel compartmentalization in mitigating memory errors and transient execution attacks. Learn how PKS can limit memory access in critical regions, reducing the attack surface and providing robust protection against vulnerabilities. Examine the challenges of implementation, focusing on PKS eBPF isolation and its mitigations. Gain insights into how this approach aligns with ongoing efforts in Address-space Isolation (ASI). Understand the potential impact of this security feature on hindering exploits from eBPF and third-party kernel modules, while maintaining compatibility and lightweight implementation.
Syllabus
Intro
Why compartmentalize?
Transient execution attacks Spectre & friends
Memory Protection Keys: PKU/PKS
PKS in-depth
Challenges
PKS eBPF isolation
eBPF mitigations
ASI: Address Space Isolation
Conclusion
Taught by
Linux Foundation
Tags
Related Courses
Achieving Linux Kernel Code Execution Through a Malicious USB DeviceBlack Hat via YouTube LBM - A Security Framework for Peripherals within the Linux Kernel
IEEE via YouTube Kernel Runtime Security Instrumentation
Linux Foundation via YouTube Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019
Linux Foundation via YouTube The Why and How of libseccomp
Linux Foundation via YouTube