Play all

Intro

Kernel Self Protection Project

C as a fancy assembler almost machine code

C as a fancy assembler: undefined behavior

Variable Length Arrays are bad

Variable Length Arrays are slow

Switch case fall-through did I mean it?

Switch case fall-through: new statement

Switch case fall-through new statement

Always-initialized local variables: just do it

Always-initialized local variables switch gotcha

Arithmetic overflow detection Clang :

Bounds checking: explicit checking is slow

Bounds checking memory tagging :

Control Flow Integrity: indirect calls

CFI, forward edges: enforce prototype :

CFI, backward edges: two stacks

CFI, backward edges: shadow call stack . Clang's Shadow Cal Stack

CFI, backward edges: hardware support

Where is the Linux kernel now?

Challenges in Kernel Security Development

Description:

Explore the efforts to enhance C language safety in Linux kernel development through this informative conference talk by Kees Cook from Google. Delve into various strategies for mitigating security vulnerabilities and undefined behaviors inherent in C programming. Learn about removing Variable Length Arrays, enforcing stack variable initialization, implementing implicit bounds checking, handling arithmetic overflows, and protecting function calls with Control Flow Integrity. Gain insights into the Linux kernel's approach to modifying C standards and redefining undefined behaviors to create a more secure codebase. Discover the challenges faced in kernel security development and the ongoing work to make C less hazardous for critical infrastructure.

Making C Less Dangerous

Linux Foundation

Add to list

#Conference Talks #Programming #Programming Languages #C Programming #Information Security (InfoSec) #Cybersecurity #Control-Flow Integrity