Sunday, March 28, 2010

There's a party at Ring0, and you're invited

Tavis and I have just come back from CanSecWest. The title of our talk was "There's a party at Ring0, and you're invited".

We went through some of the bugs that we have worked on this past year and mentioned some of our thoughts on kernel security in general:

  • We see an increasing attack surface, both locally and remotely (@font-face, webgl...)
  • The recent focus on sandboxes (Chrome, Office) makes the kernel an even more interesting target
  • Modern operating systems still generally lack facilities for discretionary privilege dropping or to reduce the kernel's attack surface (with the notable exception of SECCOMP on Linux)
  • While most OS have some degree of userland memory corruption exploitation prevention, kernel exploitation prevention is immature. On Linux, PaX/grsecurity leads the effort and Microsoft added safe unlinking in the Windows 7 kernel.
If you're interested, you can download our slides here.