Towards Linux Kernel Memory Safety

综合技术 2017-11-16

Abstract:
The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel. However, the increasing number of kernel-specific vulnerabilities, especially memory safety vulnerabilities, shows that the kernel is a popular and practically exploitable target. Two major causes of memory safety vulnerabilities are reference counter overflows (temporal memory errors) and lack of pointer bounds checking (spatial memory errors).

To succeed in practice, security mechanisms for critical systems like the Linux kernel must also consider performance and deployability as critical design objectives. We present and systematically analyze two such mechanisms for improving memory safety in the Linux kernel: (a) an overflow-resistant reference counter data structure designed to accommodate typical reference counter usage in kernel source code, and (b) runtime pointer bounds checking using Intel MPX in the kernel.

您可能感兴趣的

CVE-2018-3639: Spectre Variant 4 Vulnerability Aff... A Spectre variant 4 vulnerability has been identified in the Linux kernel and represents a very dangerous threat to all affected machine...
日志采集中的关键技术分析 概述 日志从最初面向人类演变到现在的面向机器发生了巨大的变化。最初的日志主要的消费者是软件工程师,他们通过读取日志来排查问题,如今,大量机器日夜处理日志数据以生成可读性的报告以此来帮助人类做出决策。在这个转变的过程中,日志采集Agent在其中扮演着重要的角色。 作为一个日志采集的Ag...
The Linux Kernel Module Programming Guide The Linux Kernel Module Programming Guide Peter Jay Salzman Michael Burian Ori Pomerantz Copyright © 2001 Peter Jay Salzm...
New Fedora 25 ISO Respins Bring Latest Security Up... Ben Williams of the Fedora Respins-SIG project is back after a three-week break to inform users of the Fedora community about the availability of a ne...
Linux Kernel本地缓冲区溢出漏洞(CVE-2017-14497)... Linux Kernel本地缓冲区溢出漏洞(CVE-2017-14497) 发布日期:2017-09-20 更新日期:2017-09-26 受影响系统: Linux kernel < 4.13 描述: BUG...