YoVDO

MPK/PKS Linux Kernel Compartmentalization

Offered By: Linux Foundation via YouTube

Tags

Linux Kernel Security Courses
Memory Protection Courses

Course Description

Overview

Explore the design and implementation of a new kernel hardening strategy that compartmentalizes the Linux kernel using Intel Protection Keys for Supervisor (PKS) in this 50-minute conference talk. Delve into the importance of kernel compartmentalization in mitigating memory errors and transient execution attacks. Learn how PKS can limit memory access in critical regions, reducing the attack surface and providing robust protection against vulnerabilities. Examine the challenges of implementation, focusing on PKS eBPF isolation and its mitigations. Gain insights into how this approach aligns with ongoing efforts in Address-space Isolation (ASI). Understand the potential impact of this security feature on hindering exploits from eBPF and third-party kernel modules, while maintaining compatibility and lightweight implementation.

Syllabus

Intro
Why compartmentalize?
Transient execution attacks: Spectre & friends
Memory Protection Keys: PKU/PKS
PKS in-depth
Challenges
PKS eBPF isolation
eBPF mitigations
ASI: Address Space Isolation
Conclusion


Taught by

Linux Foundation

Related Courses

Armv8-M Architecture Fundamentals
Arm Education via Coursera
Memory Management in OS - Contiguous Memory Allocation
CodeHelp - by Babbar via YouTube
Shreds - Fine-Grained Execution Units with Private Memory
IEEE via YouTube
CHERI - A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
IEEE via YouTube
XMP: Selective Memory Protection for Kernel and User Space
IEEE via YouTube