Mitigating Linux kernel memory corruptions with Arm Memory Tagging | Linux Security Summit 2021
Memory tagging is coming to kill all of your favorite Linux kernel exploits!
Memory Tagging Extension (MTE) is an ARM v8.5 feature that enables hardware-assisted validation of the correctness of memory accesses. In a nutshell, MTE allows assigning tags to memory allocations, as well as to pointers that refer to those allocations. When a pointer is accessed, the CPU performs a validity check that ensures that the memory tag matches the pointer tag.
In this talk, I explain how MTE is used to assert the validity of kernel memory accesses. I describe the newly added Hardware Tag-Based KASAN mode, its weaknesses, and planned improvements.
Slides:
Twitter:
Website:
00:00 Intro
03:16 Memory tagging
04:49 Arm Memory Tagging Extension
10:28 In-kernel MTE or Hardware Tag-Based KASAN
13:19 Preventing memory corruptions
1 view
1145
404
10 months ago 02:00:03 1
Metasploit For Beginners to Expert ||The Basics Modules, Exploits And Payloads
11 months ago 00:27:35 1
Mitigating Linux kernel memory corruptions with Arm Memory Tagging | Linux Security Summit 2021
1 year ago 00:09:44 1
The Biggest Linux Security Mistakes
1 year ago 00:09:21 4
Cyberpunk 2077 2.0 Update: Phantom Liberty | Linux VS Windows Performance Tested
1 year ago 00:14:26 1
New Linux tablet, GNOME 45 beta, COSMIC theming, SUSE goes private: Linux & Open Source News
1 year ago 05:16:30 2
Hacking Active Directory for Beginners (over 5 hours of content!)
1 year ago 00:10:14 1
India Dumps Microsoft Windows | Switches to locally developed ‘MAYA OS’ for better security | UPSC
2 years ago 00:15:25 3
Nobara 38 With Davinci Resolve, Payday 2, GStreamer codecs & improves support for XBox controllers
2 years ago 00:13:13 1
How the Nintendo Switch Security was defeated | MVG
2 years ago 00:24:04 1
They said this doesn’t work 🤣 Hacking networks with VLAN hopping and Python
2 years ago 00:11:47 1
How to secure mongodb database when in Docker container
2 years ago 00:24:25 4
Here’s How They Built The Most Secure Phone On The Planet
3 years ago 00:12:09 5
Destroy a network using a simple Python script // Hack routers with this Scapy DoS Attack
5 years ago 00:39:15 1
[ENG] Evgeniy Paltsev: Self modifying code in Linux kernel - what where and how / #LinuxPiter
5 years ago 00:40:48 1
[ENG] Marian Marinov: Comparison of eBPF, XDP and DPDK for packet inspection / #LinuxPiter
8 years ago 00:55:35 4
Alexander Krizhanovsky: “Tempesta FW: yet another Linux kernel Web-accelerator“ [ENG]