linux kernel security update
play

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James - PowerPoint PPT Presentation

Sep 07, 2023 •305 likes •798 views

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris james.l.morris@oracle.com Introduction Who am I? Kernel security subsystem maintainer Started kernel development w/ FreeS/WAN in 1999 which led to Netfilter,

  1. Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris james.l.morris@oracle.com

  2. Introduction Who am I? ● Kernel security subsystem maintainer – Started kernel development w/ FreeS/WAN in 1999 – which led to Netfilter, SELinux, LSM, Crypto… – @xjamesmorris ● Linux since 1993 – APANA public networking – BBS’s prior to that – Amateur radio (vk2txp) ● Mainline Linux kernel development @ Oracle

  3. Outline ● Overview of Linux kernel security ● Developments in 4.x kernel ● Current and future challenges

  4. Linux Kernel Security Overview

  5. Linux kernel core security model is Discretionary Access Control (DAC)

  6. DAC was inherited from Unix, designed in late 1960s

  7. “The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes .” Dennis Ritchie, “On the Security of UNIX”, 1979

  8. DAC is insuffjcient for modern security threats:

  9. DAC does not protect against fmawed or malicious code

  10. DAC does not cover all security critical functions

  11. DAC notion of superuser violates user security policy

  12. “It must be recognized that the mere notion of a super-user is a theoretical, and usually practical, blemish on any protection scheme.” (also from Ritchie 1979)

  13. Linux Kernel Security Extensions

  14. Posix ACLs

  15. Capabilities (privileges)

  16. Audit

  17. seccomp

  18. Namespaces

  19. Netfilter ● IPTables

  20. Cryptography API ● Disk encryption ● IPSec ● Key Management (“keys”)

  21. Linux Security Modules (LSM) ● SELinux ● Smack ● AppArmor

  22. SELinux, Smack, AppArmor provide Mandatory Access Control (MAC)

  23. Platform Security ● TPM, NX, SMEP, SGX, TrustZone etc.

  24. Kernel Self Protection (KSP):

  25. Harden kernel against attack

  26. Kill classes of bugs vs. individual bugs

  27. Kernel Self Protection Project:

  28. Current focus is upstreaming grsec/pax features

  29. Website: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

  30. Recent Changes

  31. ● Linux v4.0 (April 2015) to v4.8 (current)

  32. Capabilities ● Ambient capabilities (v4.3) – Allows inheritance of capabilities from non-privileged parent processes. ● … instead of assigning fs capabilities to binary, which will always run with them. ● Do not need to give all capabilities to script interpreters.

  33. LSM API ● Generalized security module stacking (v4.2) – Simple manual stacking previously allowed – Now: any number of smaller LSMs can be stacked on top of a major (“monolithic”) LSM – e.g. SELinux + YAMA + Capabilities, but not SELinux + TOMOYO + AppArmor. ● New LoadPin module, ensures kernel modules & fimware are loaded from trusted device (dm-verity) (v4.7)

  34. Networking ● CALIPSO IPv6 Labeling (v4.8) – RFC 5570 – Security labels in IP option – IPv6 version of CIPSO – Usable by label MAC (SELinux, Smack) – Verified interop with Solaris TX

  35. AppArmor ● Kernel work focused on AA 3.0 cycle ● Upcoming (v4.10-v4.11) – Policy namespaces – Policy stacking – Integration with containers

  36. SELinux ● Android Binder IPC support (v4.0) ● Full Netlink coverage (v4.1) ● Performance improvements (v4.1) ● Fine grained ioctl coverage (v4.3) ● Export validatetrans decisions to userspace (v4.6) ● Restrict kernel module loading (v4.7) ● CALIPSO support (v4.8) ● Upcoming: Overlayfs support (v4.9)

  37. Smack ● Netfilter secmark support (v4.0) ● Allow unconfined label in bringup mode (v4.1) ● Obtain security context of keys (v4.1) ● Multiple label MAC bypass via onlycap (v4.2) ● IPv6 host labeling (v4.3) ● Limited dynamic process labels (v4.4) ● Process-based permission checking for sockets (v4.5)

  38. Integrity Subsystem ● Integration of TPM 2.0 authorization policies with kernel keys, allow hash algorithm selection (v4.5) ● EVM support for x.509 kernel certificates (v4.5) ● Measurement & appraisal of IMA policy (v4.6) ● Support for kernexec image & initramfs (v4.6) ● Support for mknotat syscall (v4.7) ● Per-rule specification of PCRs (v4.8) ● Upcoming: extend measurment to command line, BPF etc., fine grained signatures, directory measurement, namespacing.

  39. Platform Security ● TPM 2.0 chip support (v4.0) ● Intel Memory Protection Keys (v4.6) ● Upcoming: – Sparc: SSM (Silicon Secured Memory) – AMD: SME, SEV (memory encryption) – Intel: CET (Control-flow Enforcement Technology)

  40. Audit ● Add support for auditing by executable fjle, rather than just PID (v4.3) ● Add ioctl device and command info to LSM audit data (v4.3) ● Add tty fjeld to Login event (v4.7)

  41. Seccomp ● ptrace options for suspend/resume (v4.3) ● powerpc and tile support (v4.3) ● Dump seccomp filters via ptrace (v4.4) ● um and parisc support (v4.5) ● Remove 2-phase API (v4.8) ● ptrace before seccomp (v4.8) ● Maybe upcoming: deep argument inspection

  42. Keys ● Support for kernel module signing (v4.3) – Explicit file for x.509 trusted keys – Sign modules with external key ● Support for TPM 2.0 (v4.5) ● Userspace access to DH computation using stored keys (v4.7) ● Encrypt big keys saved to shm (v4.7) ● Key blacklisting and rejection (v4.7) ● Runtime addition of secondary system key (v4.7) ● Upcoming: key revocation

  43. Crypto API Users ● ext4 fjlesystem encryption (v4.1) ● Kernel module signing (v4.3) ● MACsec/IEEE 802.1AE (v4.6) ● Migrate ext4 to vfs crypto API (v4.8) ● Upcoming: btrfs encryption

  44. Kernel Self Protection ● Kernel Address Sanitizer (KASan) (v4.0) – SLAB support (v4.6) ● Always enable RODATA checking (v4.6) ● KASLR for ARM64 (v4.6), MIPS (v4.7) ● Page zero-poisoning (v4.6) ● X86 execute-only memory (v4.6) ● SLAB freelist randomization (v4.7) ● BPF JIT constant blinding (v4.7)

  45. KSP (cont.) ● Freelist randomization for SLUB (v4.8) ● KASLR: – Full physical memory on x86_64 (v4.8) – Kernel memory base on x86_64 (v4.8) ● gcc plugin infrastructure (v4.8) ● Hardened usercopy (v4.8)

  46. KSP (cont.) ● Predictions for v4.9 from Kees Cook – latent_entropy gcc plugin – vmalloc stack on x86 – List hardening – PAN emulation for arm64 ● For more detail: – https://outflux.net/blog/ (Kees’ blog)

  47. Future Challenges ● IoT ● KSP arms race – Need more original research in mainline! ● Evolving threat models ● Security architecture vs. features

  48. Resources ● Linux Security Module mailing list – http://vger.kernel.org/vger-lists.html#linux-security-module ● Linux Security Summit (Aug 2016, Toronto) http://events.linuxfoundation.org/events/linux-security-summit/program/slides – ● Kernel Self Protection Project – http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project ● LWN Security – http://lwn.net/Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux Kernel Widespread Deployed on: powerful (high performance compute clusters) sensitive (bank, gov. systems, ..) safety critical

995 views • 29 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/lss/kspp.pdf Agenda Background Security in the context of

652 views • 52 slides
Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016 Vaishali Thakkar (vaishali.thakkar@oracle.com) 1 Self Introduction Linux Kernel developer at Oracle Working in kernel security engineering group

659 views • 46 slides
Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada

The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada

The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada Kees (Case) Cook keescook@chromium.org @kees_cook https://outflux.net/slides/2018/lss/kspp.pdf Kernel Self Protection Project

431 views • 15 slides
Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003:

764 views • 43 slides
Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security Dinosaur Smack Linux Security Module Manager Tizen and Linux Kernel Security 2 Tizen Linux based operating system Project of the Linux

486 views • 23 slides
Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for Women LinuxCon North America 2013 Agenda Introduction What Got Me Interested in OPW Project Overview Xen Block Ring Protocol

922 views • 13 slides
Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees

Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees

Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2016/lss/kspp.pdf Agenda Background Security in the context of this

464 views • 42 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/kr/kspp.pdf Agenda Background Security in the context of this presentation

800 views • 59 slides
. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Krzysztof Czarnecki, Andrzej Wsowski The Variability Model of the Linux Kernel . . January 26, 2010 IT University of Copenhagen University of Leipzig University of Waterloo Steven She, Rafael Lotufo, Thorsten Berger, . Kernel The

928 views • 39 slides
LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian*^, Grant

LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian*^, Grant

LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian*^, Grant Hernandez*, Joseph Choi*, Vanessa Frost*, Peter Johnson**, and Kevin Butler* *University of Florida, Gainesville, FL ^Purdue University, West Lafayette,

560 views • 38 slides
ECE 7970 Machine Learning in Cyber Security Chapter 0: Important information Dr. Mohamed

ECE 7970 Machine Learning in Cyber Security Chapter 0: Important information Dr. Mohamed

ECE 7970 Machine Learning in Cyber Security Chapter 0: Important information Dr. Mohamed Mahmoud Dr. Mostafa Fouda 1 - Course I nform ation I nstructors : Dr. Mohamed M. E. A. Mahmoud Office: Brown Hall - 332 E-mail:

2.98k views • 11 slides
Presentations Evaluating the Effectiveness of Security Mechanisms at Scale David Nicol

Presentations Evaluating the Effectiveness of Security Mechanisms at Scale David Nicol

Trustworthy Cyber Infrastructure for the Power Grid Presentations Evaluating the Effectiveness of Security Mechanisms at Scale David Nicol University of Illinois Dartmouth College Cornell University Washington State

335 views • 7 slides
A Security Evaluation of Industrial Radio Remote Controllers Federico Maggi, Marco Balduzzi

A Security Evaluation of Industrial Radio Remote Controllers Federico Maggi, Marco Balduzzi

A Security Evaluation of Industrial Radio Remote Controllers Federico Maggi, Marco Balduzzi Jonathan Andersson, Philippe Lin, Stephen Hilt, Akira Urano, and Rainer Vosseler TL;DR SECURITY ANALYSIS FINDINGS TL;DR SECURITY ANALYSIS FIN

908 views • 68 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

1 A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of Engineering: Computer Science Promotor: Prof. Frank Piessens Advisors: Jan Tobias Mhlberg Jo Van Bulck 2 Introduction Growing trend towards

513 views • 27 slides
1 Who am I / ? 2 IMA History and Goals 3 IMA Internals and Roadmap 4

1 Who am I / ? 2 IMA History and Goals 3 IMA Internals and Roadmap 4

Petko Manolov Konsulko Group petko.manolov@konsulko.com 1 Who am I / ? 2 IMA History and Goals 3 IMA Internals and Roadmap 4 Conclusion q Software engineer and long time Linux kernel hacker since 1995 q

210 views • 18 slides
Jack Chen Some content taken from a previous year's walkthrough by Prof. Adam Bates CS 423:

Jack Chen Some content taken from a previous year's walkthrough by Prof. Adam Bates CS 423:

CS 423Operating System Design: Introduction to Linux Kernel Programming (MP4 Walkthrough) Jack Chen Some content taken from a previous year's walkthrough by Prof. Adam Bates CS 423: Operating Systems Design Preliminaries Take stable snapshots

492 views • 33 slides
Operating System Security It is also important to understand the operations and the

Operating System Security It is also important to understand the operations and the

Security risks exist for all operating systems and are not new. It is important to know the existing threats. Operating System Security It is also important to understand the operations and the vulnerabilities of your OS. Try to

214 views • 8 slides

More recommend