
Thwarting Unknown Bugs: Hardening Features in the Mainline Linux Kernel

Thwarting Unknown Bugs: Hardening Features in the Mainline Linux Kernel – Mark Rutland, ARM

Over the last few years, it has become increasingly apparent that bugs in the Linux kernel are being exploited on deployed systems. Even when these are fixed promptly upstream, the realities of deployment mean that systems and their users can remain vulnerable for long periods afterwards.

In response, effort has gone into kernel hardening: modifying the kernel to reduce the attack surface and make entire classes of attack more difficult, if not impossible. A number of hardening features have made it into the mainline Linux kernel, and while they are not a perfect defence, using them can help mitigate the impact of bugs that are not yet fixed or not even known about.

This presentation will cover hardening features available in the mainline Linux kernel, what they protect against, and their limitations. Attendees can learn the benefits and trade-offs of these features.

About Mark Rutland

Mark Rutland is a kernel developer at ARM Ltd, based in Cambridge, UK. Mark contributes to the arm and arm64 ports, working on boot infrastructure and firmware interfaces (e.g. ACPI, DT, PSCI, UEFI), on both the kernel support code and the specifications themselves. Along with others, he co-maintains Device Tree bindings and PSCI support.
