logo
Dates

Author


Conferences

Tags

Sort by:  

Authors: Roman Volosatovs, Jarkko Sakkinen
2022-09-16

We go through the current state of the Intel SGX support in the Linux kernel and userland. The topics covered include the kernel interface and its features, and available confidential computing run-times supporting SGX. Since getting into the mainline kernel late 2020, the SGX software ecosystem has started to get mature enough for production, and is the only cloud-scale confidential computing technology fully in the mainline kernel so far.
Authors: Yueqi Chen, Zhenpeng Li
2022-09-15

tldr - powered by Generative AI

The presentation discusses the use of hard BPF for dynamic memory separation to protect against memory corruption vulnerabilities.
  • Dynamic memory separation is necessary to protect against memory corruption vulnerabilities
  • Hard BPF is a tool that can be used for dynamic memory separation
  • The hard BPF design involves an agent in the user space and a BPF program in the kernel
  • The BPF program intercepts the allocation of vulnerable objects and diverts them to a v-metal region
  • One-time allocation is guaranteed to prevent use after free exploitation techniques
Authors: Gustavo A. R. Silva
2022-09-15

tldr - powered by Generative AI

The presentation discusses the importance of removing ambiguity from the kernel and adopting the use of flexible array members to improve security. The speaker shares their experience with transforming one-element arrays to flexible array members and the challenges they faced.
  • Flexible array members should be used instead of one-element arrays to prevent vulnerabilities
  • Transforming one-element arrays to flexible array members is time-consuming and requires careful verification
  • Sanity checking can be added to all trailing arrays through the use of a fortified main copy
  • Monitoring code check-ins can help prevent the introduction of one-element arrays