Getting on the Same (Virtual Memory) Page: A Roundtable on Data-only Attack Mitigations – Maxwell Bland, Motorola (Lenovo)
This session is a short, open discussion on strategies and mechanisms for mitigating malicious modifications to structures in the kernel's data and bss segments and on its heap. We will review case studies of how these attacks work across various types of CVEs, as well as existing protections, from those requiring new hardware (ARM MTE, TMDFI), to those working with existing hardware (ARM POE + kpkeys, HVCI/Heki-style enforcement systems), to software approaches (compiler-enforced data-flow, allocator restrictions, data layout randomization). We will then turn to an open discussion of the benefits and drawbacks of the protections on offer, to (1) identify just how difficult we can make it for attackers using current mechanisms, (2) pinpoint precise gaps to focus on in future work, and (3) come up with solutions to the harder problems involved, such as determining what is a "valid" write.
Refs.
https://lore.kernel.org/all/uqgb234tm4svoz2yvbamzal2srxnjnwrj2coiimvuz5bzblbia@pfabobbxo2jf/
https://lore.kernel.org/all/a32cjyekuecoowzbitc2xykilvpu6l3jjtityp7x5hw7xbiysp@5l2lptwmqiug/
https://www.usenix.org/system/files/usenixsecurity24-johannesmeyer.pdf