Sunday, March 28, 2010

There's a party at Ring0, and you're invited

Tavis and I have just come back from CanSecWest. The title of our talk was "There's a party at Ring0, and you're invited".

We went through some of the bugs that we have worked on this past year and mentioned some of our thoughts on kernel security in general:

  • We see an increasing attack surface, both locally and remotely (@font-face, WebGL, ...)
  • The recent focus on sandboxes (Chrome, Office) makes the kernel an even more interesting target
  • Modern operating systems still generally lack facilities for discretionary privilege dropping or for reducing the kernel's attack surface (with the notable exception of SECCOMP on Linux)
  • While most OSes have some degree of protection against userland memory-corruption exploitation, kernel exploitation prevention is immature. On Linux, PaX/grsecurity leads the effort, and Microsoft added safe unlinking in the Windows 7 kernel.
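To make the SECCOMP point in the last bullet concrete, here is an added example written for this post (it is not code from the talk or the slides). It shows the facility as it existed in 2010: SECCOMP_MODE_STRICT, entered with prctl(PR_SET_SECCOMP), after which the kernel lets the task issue only read(2), write(2), exit(2) and sigreturn(2) and kills it with SIGKILL on anything else. The parent forks a child, puts it in strict mode, optionally has it make one forbidden call (getpid(2), my choice for the demonstration), and classifies how the child ended. The program assumes a Linux host; the constant values are the ones from the Linux uapi headers and are repeated here only as a fallback.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Values from the Linux uapi headers (<sys/prctl.h>, <linux/seccomp.h>);
 * repeated here only so the example also builds where those headers are old. */
#ifndef PR_SET_SECCOMP
#define PR_SET_SECCOMP 22
#endif
#ifndef SECCOMP_MODE_STRICT
#define SECCOMP_MODE_STRICT 1
#endif

/* Outcome of one sandboxed child, as observed by the parent. */
enum sandbox_outcome {
    SANDBOX_ERROR = -1,      /* fork/wait failed */
    SANDBOX_UNSUPPORTED = 0, /* kernel refused strict mode (no CONFIG_SECCOMP,
                                or a seccomp filter was already installed) */
    SANDBOX_KILLED = 1,      /* child was SIGKILLed by seccomp */
    SANDBOX_EXITED = 2       /* child finished its work and exited with 0 */
};

/* Child exit status used to report that prctl(PR_SET_SECCOMP) failed. */
#define EXIT_NO_SECCOMP 100

/*
 * Fork a child and switch it to SECCOMP_MODE_STRICT, where the kernel allows
 * only read(2), write(2), exit(2) and sigreturn(2). Every other system call
 * terminates the child with SIGKILL, so a compromised child cannot reach the
 * rest of the kernel's syscall surface.
 *
 * If try_forbidden_call is non-zero, the child issues getpid(2), which is not
 * on the allow-list, before it finishes. The return value says what happened.
 */
int run_in_strict_seccomp(int try_forbidden_call)
{
    pid_t pid = fork();
    if (pid < 0)
        return SANDBOX_ERROR;

    if (pid == 0) {
        /* Child: not sandboxed yet, so ordinary libc calls are still fine. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(EXIT_NO_SECCOMP);

        /* Sandboxed from here on. Use raw syscalls only: glibc's _exit()
         * issues exit_group(2), which strict mode does not allow. */
        if (try_forbidden_call)
            syscall(SYS_getpid);            /* does not return: SIGKILL */

        static const char msg[] = "child: still alive inside strict seccomp\n";
        syscall(SYS_write, STDOUT_FILENO, msg, sizeof msg - 1);
        syscall(SYS_exit, 0);
    }

    /* Parent: wait for the child and classify how it ended. */
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return SANDBOX_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return SANDBOX_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == EXIT_NO_SECCOMP)
        return SANDBOX_UNSUPPORTED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return SANDBOX_EXITED;
    return SANDBOX_ERROR;
}

int main(void)
{
    printf("allowed-only child:   outcome %d\n", run_in_strict_seccomp(0));
    printf("forbidden-call child: outcome %d\n", run_in_strict_seccomp(1));
    return 0;
}
```

On a kernel with CONFIG_SECCOMP the first child prints its message and exits (outcome 2) while the second is killed (outcome 1). Outcome 0 means the kernel refused strict mode, which also happens when the process is already under a seccomp filter, as many container runtimes arrange, since a task may not change its seccomp mode once one is set. The allow-list is fixed and tiny, which is why strict mode was usable mostly for pure compute helpers; the later BPF filter mode (mode 2) lets a process describe its own allow-list instead.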
If you're interested, you can download our slides here.

2 comments:

  1. Thank you for posting your slides.

  2. Excellent presentation with amazing bugs. Although it is true that kernel exploitation mitigations are a bit behind when compared to userland, they are being increasingly adopted. I have written about the kernel exploitation mitigations on FreeBSD here: http://argp.gr/blog/2010/04/26/kernel-exploitation-mitigations/

    By the way, Julien, I really enjoyed your Black Hat EU 2010 presentation as well.
