linux kernel security hardening
play

Linux Kernel Security & Hardening Thomas Lamprecht January 17, - PowerPoint PPT Presentation

Jan 01, 2024 •683 likes •995 views

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux Kernel Widespread Deployed on: powerful (high performance compute clusters) sensitive (bank, gov. systems, ..) safety critical

  1. Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019

  2. Introduction

  3. The Linux Kernel ◮ Widespread ◮ Deployed on: ◮ powerful (high performance compute clusters) ◮ sensitive (bank, gov. systems, ..) ◮ safety critical (Rocket Engine Control System[1], Automotive) ... Systems ◮ → thus: attractive target

  4. Security Beyond Bugs ◮ Performance & Reliability � = Security ◮ Hardening seen as overhead in the past ◮ Critical security bug lifetime is huge ( > 10 years possible) ◮ Non-trivial software/hardware → never bug free ◮ Safety net needed (Kernel Self Protection (KSP) [2]) “Security needs to be more than just access control and attack-surface reduction.” — Kees Cook, 2015 Kernel Summit

  5. Security For Others Wrongdoing ◮ Working around hardware vulnerabilities ◮ Side channel attacks (Meltdown[3], Spectre [4] ) ◮ Firmware/ µ Code bugs ◮ User space programs

  6. Kernel Self Protection vs. User Land Protection Attack surface reduction: ◮ SELinux/AppArmor ◮ seccomp ◮ namespacing (mount, PID, net, ...) Problems: ◮ Usability ◮ Complexity ◮ no protection against common Kernel bugs

  7. Out of Tree Security ◮ Earlier Hardening resentment → out-of-tree approaches [5] ◮ PaX/grsecurity ◮ Lots of Linux Security Research happened until they went private ◮ Low effort to upstream ◮ But, work now taken up by the community

  8. Flaws & Mitigation Technologies

  9. Stack Overflow Attack: ◮ Overwrite saved instruction pointer → execution control Mitigations: ◮ Stack canaries [6] [7] ◮ Guard Pages [6] ◮ KASLR [8] [9] ◮ Shadow Stacks ◮ Virtually mapped kernel stacks [10]

  10. Integer/Heap overflow Caused by: ◮ Integer overflow/Wrong Bound checking ◮ Overwrite adjacent kernel function pointer ◮ refcount overflow → Use after free Mitigations: ◮ detect multiplication overflows with compiler instrumentation ◮ PAX REFCOUNT [11] ◮ (no access) guard pages ◮ Hardened usercopy 1 1 https://lwn.net/Articles/695991/

  11. Out of Order and Speculative Execution Caused by: ◮ Hardware bugs design, problematic known since ’95[12] ◮ exploiting race condition between memory access and privilege check ◮ speculative execution should be side-effect free → isn’t Mitigations: ◮ Kernel page-table isolation (derived from KAISER) ◮ Flush states, branch predictor, TLB, ... (slow) ◮ ... and/or use modern CPU features (PCID, IBRS/PB, STIBP)

  12. Uninitialized variables / Stack Caused by: ◮ “Stack memory is frequently and unpredictably reused by other parts of code” [13] ◮ Uninitialized = previous value Mitigations: ◮ clear/poison kernel stack between syscalls (STACKLEAK plugin) ◮ initialize all structs (compiler plugin) [13]

  13. Kernel Pointer Leakage Renders KASLR useless. Caused by: ◮ /proc ◮ kernel modules ◮ /sys Mitigations: ◮ restrict pointers visibility [14] ◮ hashed pointer [14]

  14. Use After Free Caused by: ◮ Missing refcounting ◮ Aforementioned Integer overflow (“wrong refcounting”) [15] Mitigations: ◮ abstract resource access (refcount t) [16] ◮ avoid reference count overflow [11] ◮ clearing memory on free [17]

  15. Race Conditions & Other Logic Flaws Caused by: ◮ Complex Protocol/Bad Design ◮ False Assumption about access Mitigations: ◮ Harder (often no statical analysis possible) ◮ Fuzzing: ◮ Syszcaller [18] ◮ trinity [19] ◮ American Fuzzy Lop (AFL) ◮ code instrumentation

  16. Return Oriented Programming[22] Attack: ◮ arbitrary code injection not directly possible: ◮ execution disable (NX) ◮ signed code ◮ chain existing (library) functions together ◮ achieve goal Mitigation: ◮ Control Flow Integrity [20] through compiler ◮ Return Address Protection (RAP) [21]

  17. Overwrite Kernel Image Attack: ◮ gain arbitrary code execution ◮ replace (parts) of kernel image ◮ . . . ◮ profit? Mitigation: ◮ Kernel image in read only memory ( ro after init) [23] ◮ “rare write” mechanism [24]

  18. Function pointer overwrite Attack: ◮ builds upon use-after-free ◮ replace function pointer (destructor) with own function ◮ own function gets called in kernel context Mitigation: ◮ read only function pointer tables [23] (compiler plugin)

  19. References

  20. A. Svitak, Dragon’s Radiation-Tolerant Design , https://web.archive.org/web/20131203204735/http: //www.aviationweek.com/Blogs.aspx?plckBlogId= Blog%3A04ce340e-4b63-4d23-9695- d49ab661f385&plckPostId=Blog%3A04ce340e-4b63- 4d23-9695-d49ab661f385Post%3Aa8b87703-93f9-4cdf- 885f-9429605e14df , [Online; accessed 10-January-2019], 2013. L. A. Kees Cook, Kernel Self-Protection , https://git.kernel.org/pub/scm/linux/kernel/git/ torvalds/linux.git/tree/Documentation/security/ self-protection.rst?h=v4.20 , [Online; accessed 10-December-2019], 2016-2019.

  21. M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, et al. , “Meltdown: Reading kernel memory from user space,” in 27th { USENIX } Security Symposium ( { USENIX } Security 18) , 2018, pp. 973–990. P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, “Spectre attacks: Exploiting speculative execution,” in 40th IEEE Symposium on Security and Privacy (SP’19) , 2019.

  22. J. Ribas, The kernel of the argument , http://www. washingtonpost.com/sf/business/2015/11/05/net- of-insecurity-the-kernel-of-the-argument/ , [Online; accessed 09-June-2017], 2015. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, “Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks.,” in Usenix Security , vol. 98, 1998, pp. 63–78.

  23. K. Cook, Introduce strong stackprotector , https://patchwork.kernel.org/patch/3387921/ , [Online; accessed 12-May-2017], 2013. g. PaX, Address Space Layout Randomisation , https://pax.grsecurity.net/docs/aslr.txt , [Online; accessed 10-May-2017], 2003. J. Edge, Kernel Address Space Layout Randomisation , https://lwn.net/Articles/569635/ , [Online; accessed 10-May-2017], 2013.

  24. J. Corbet, Virtually mapped kernel stacks , https://lwn.net/Articles/692208/ , [Online; accessed 29-May-2017], 2016. g. PaX, PAX REFCOUNT , https: //forums.grsecurity.net/viewtopic.php?f=7&t=4173 , [Online; accessed 09-May-2017], 2015. O. Sibert, P. A. Porras, and R. Lindell, “The intel 80/spl times/86 processor architecture: Pitfalls for secure systems,” in Security and Privacy, 1995. Proceedings., 1995 IEEE Symposium on , IEEE, 1995, pp. 211–222.

  25. K. Lu, M.-T. Walter, D. Pfaff, N. Stefan, W. Lee, and M. Backes, “Unleashing use-before-initialization vulnerabilities in the linux kernel using targeted stack spraying,” , NDSS, 2017. D. Rosenberg, kptr restrict for hiding kernel pointers , https://lwn.net/Articles/420403/ , [Online; accessed 09-June-2017], 2010. L. Song and Q. Xiao-Jun, “Parallelly refill slub objects freed in slow paths: An approach to exploit the use-after-free vulnerabilities in linux kernel,” in 2016 17th International Conference on Parallel and Distributed Computing,

  26. Applications and Technologies (PDCAT) , Dec. 2016, pp. 387–390. doi : 10.1109/PDCAT.2016.088 . D. Windsor, Kernel Protections/HARDENED ATOMIC , https://kernsec.org/wiki/index.php/Kernel_ Protections/HARDENED_ATOMIC , [Online; accessed 29-May-2017], 2017. J. Chow, B. Pfaff, T. Garfinkel, and M. Rosenblum, “Shredding your garbage: Reducing data lifetime through secure deallocation,” in In USENIX Security , 2005.

  27. D. Drysdale, Coverage-guided kernel fuzzing with syzkaller , https://lwn.net/Articles/677764/ , [Online; accessed 09-June-2017], 2016. M. Kerrisk, The Trinity fuzz tester , https://lwn.net/Articles/536173/ , [Online; accessed 09-June-2017], 2013. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti, “Control-flow integrity,” in Proceedings of the 12th ACM conference on Computer and communications security , ACM, 2005, pp. 340–353.

  28. PaX/grsecurity, RAP: RIP ROP , https://pax.grsecurity.net/docs/PaXTeam-H2HC15- RAP-RIP-ROP.pdf , [Online; accessed 02-June-2017], 2015. R. Hund, T. Holz, and F. C. Freiling, “Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms.,” in USENIX Security Symposium , 2009, pp. 383–398. J. Corbet, Post-init read-only memory , https://lwn.net/Articles/666550/ , [Online; accessed 10-June-2017], 2015.

  29. N. H. Kees Cook, Introduce rare write() infrastructure , https://lwn.net/Articles/724319/ , [Online; accessed 10-June-2017], 2017.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Agenda Linux security 1. System hardening 2. Technical audits 3. Automation 2 Michael Boelen

Agenda Linux security 1. System hardening 2. Technical audits 3. Automation 2 Michael Boelen

Agenda Linux security 1. System hardening 2. Technical audits 3. Automation 2 Michael Boelen 3 Linux security Areas Core Resources Services Environment System Hardening Boot Process Accounting Database Forensics Containers

821 views • 34 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Linux Hardening Locking Down Linux To Increase Security Michael Boelen michael.boelen@cisofy.com

Linux Hardening Locking Down Linux To Increase Security Michael Boelen michael.boelen@cisofy.com

Linux Hardening Locking Down Linux To Increase Security Michael Boelen michael.boelen@cisofy.com s-Hertogenbosch, 1 March 2016 Meetup: Den Bosch Linux User Group Goals 1. Learn what to protect 2. Know some strategies 3. Learn tooling Focus

912 views • 60 slides
Linux system hardening thanks to systemd Timothe Ravier French Network and Information Security

Linux system hardening thanks to systemd Timothe Ravier French Network and Information Security

Linux system hardening thanks to systemd Timothe Ravier French Network and Information Security Agency (ANSSI) RMLL 2017 Goal of this talk Goal of this talk Increase the security of standard Linux distributions Use security features

382 views • 37 slides
Anil Kurmus kur@zurich.ibm.com IBM Research - Zurich Outline 1. Background Hardening Kernel

Anil Kurmus kur@zurich.ibm.com IBM Research - Zurich Outline 1. Background Hardening Kernel

September 2016 BalCCon 2k16 Kernel Exploitation and Hardening Why we could have nice things! (using Split Kernel) Anil Kurmus kur@zurich.ibm.com IBM Research - Zurich Outline 1. Background Hardening Kernel Vulnerabilities Kernel

1.07k views • 39 slides
Linux IoT Botnet Wars and the Lack of Security Hardening Drew Moseley Solutions Architect

Linux IoT Botnet Wars and the Lack of Security Hardening Drew Moseley Solutions Architect

Linux IoT Botnet Wars and the Lack of Security Hardening Drew Moseley Solutions Architect Mender.io Session overview Case-studies of 3 botnets Mirai (August 2016) Hajime (October 2016) BrickerBot (March 2017) Common security

902 views • 28 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/lss/kspp.pdf Agenda Background Security in the context of

652 views • 52 slides
Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016 Vaishali Thakkar (vaishali.thakkar@oracle.com) 1 Self Introduction Linux Kernel developer at Oracle Working in kernel security engineering group

659 views • 46 slides
Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris james.l.morris@oracle.com Introduction Who am I? Kernel security subsystem maintainer Started kernel development w/ FreeS/WAN in 1999 which led to Netfilter,

798 views • 48 slides
Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles

Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles

Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles Virtualization Security Team 1 Preface This talk is x86 and KVM centric 2 Outline Background Current Hardening Split Irqchip, PIT Prototype Hardening

884 views • 41 slides
Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National Security Agency (NSA) A set of patches using the Linux Security Modules (LSM) Hardening GNU/Linux systems with extra security policies and

349 views • 15 slides
The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada

The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada

The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada Kees (Case) Cook keescook@chromium.org @kees_cook https://outflux.net/slides/2018/lss/kspp.pdf Kernel Self Protection Project

431 views • 15 slides
Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003:

764 views • 43 slides
Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security Dinosaur Smack Linux Security Module Manager Tizen and Linux Kernel Security 2 Tizen Linux based operating system Project of the Linux

486 views • 23 slides
Beyond NX An attackers guide to Windows anti-exploitation technology Ben Nagy bnagy@eeye.com

Beyond NX An attackers guide to Windows anti-exploitation technology Ben Nagy bnagy@eeye.com

Beyond NX An attackers guide to Windows anti-exploitation technology Ben Nagy bnagy@eeye.com Basics Windows Process Memory Page 2 How functions use the stack Page 3 (CALL pushes EIP)

736 views • 32 slides
Sec Securing Micros oser ervice e Inter eraction ons in in

Sec Securing Micros oser ervice e Inter eraction ons in in

Sec Securing Micros oser ervice e Inter eraction ons in in Openstack and Kubernetes Yoshio Turner & Jayanth Gummaraju Co-Founders @ Banyan

862 views • 34 slides
Designing stack agnostic, modern, secure architectures Eugene Pilyankevich, Chief Technical

Designing stack agnostic, modern, secure architectures Eugene Pilyankevich, Chief Technical

Designing stack agnostic, modern, secure architectures Eugene Pilyankevich, Chief Technical Officer, Cossack Labs #whoami / Speaker intro Infosec since mid-90s. Designed, supervised development of banking data processing, risk

1.43k views • 117 slides
PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A

PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A

PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A return-oriented programming (ROP) attack takes advantage of buffer overflow vulnerabilities in executables to gain control of the program. Stack

395 views • 11 slides
AZURE Marija Strazdas Sr. Solutions Engineer Infrastructure Has Changed Buying Hardware

AZURE Marija Strazdas Sr. Solutions Engineer Infrastructure Has Changed Buying Hardware

SECURITY IN MICROSOFT AZURE Marija Strazdas Sr. Solutions Engineer Infrastructure Has Changed Buying Hardware EARLY 2000s MID 2000s NOW Infrastructure Has Changed Buying Hardware Infrastructure As Code EARLY 2000s MID

677 views • 40 slides
Residential Inspections Chris Wilkening Assessment Division January 2018 1 Disclaimer The

Residential Inspections Chris Wilkening Assessment Division January 2018 1 Disclaimer The

Residential Inspections Chris Wilkening Assessment Division January 2018 1 Disclaimer The DLGF recognizes there are many ways and methods for inspecting residential properties. This presentation is meant to provide a framework for

796 views • 79 slides
www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C.

www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C.

www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C. December 9, 2011 December 9, 2011 EMERGENCY RESPONDER EMERGENCY RESPONDER EMERGENCY RESPONDER EMERGENCY RESPONDER FORUM FORUM State Pipeline Safety

526 views • 25 slides
STAIRS MONOLITHIC CONCRETE STEEL TABLE OF METAL CONTENTS DONAVIN MERRITT MIGUEL OLIVARES

STAIRS MONOLITHIC CONCRETE STEEL TABLE OF METAL CONTENTS DONAVIN MERRITT MIGUEL OLIVARES

STAIRS MONOLITHIC CONCRETE STEEL TABLE OF METAL CONTENTS DONAVIN MERRITT MIGUEL OLIVARES JASON SAI HUNG NG PRESENTED BY MIGUEL OLIVARES TABLE OF CONTENTS STEEL STAIRS Durability Size Durability Stainless Steel: It wont Materials

156 views • 11 slides

More recommend