August 27 - 28 - Vancouver, BC, Canada
Click for Information & Registration
Monday, August 27 • 5:30pm - 5:40pm
Sub-system Update: Kernel Self-Protection Project - Kees Cook, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This presentation will cover the year-in-review of the Kernel Self-Protection Project since the last Linux Security Summit NA, including an overview of all the security defenses landed in kernels 4.14 through 4.18. Some highlights are vmapped stacks, structure randomization, SLUB freelist obfuscation, set_fs() checking, fast refcount_t protection, Page Table Isolation, usercopy whitelisting, VLA removals, and the stackleak plugin.

We'll also take a quick look at the evolution of kernel CVE lifetimes, find out what defenses are still under development, and note some areas where help is still needed.

avatar for Kees Cook

Kees Cook

Kernel Security Software Engineer, Google
Kees Cook has been working with Free Software since 1994, has been a Debian Developer since 2007, and has been a member of the Linux Kernel Technical Advisory Board since 2019. He is currently employed as a Linux kernel security engineer by Google, focusing on upstream kernel security... Read More →

Monday August 27, 2018 5:30pm - 5:40pm PDT
Room 301