Speakers
Eduardo Vela Nava
(elgooG)
Space Meyer
(1e100)
Description
Some kernel mitigations are very expensive, some others fail to adequately address classes of vulnerabilities. At the same time it is hard for users to make informed cost/benefit decisions about whether to enable a particular mitigation or not.
This presentation critically assesses a handful of past and upcoming security mitigations, proposing a data-driven evaluation of their impact on security, performance, and attack surface. We discuss lessons learned from Google's Kernel CTF and the importance of threat modeling for choosing the right kind of mitigation.
Our goal is to restart the conversation between the Kernel Development and Security Research community, which in recent years haven't always looked eye to eye.
Primary authors
Eduardo Vela Nava
(elgooG)
Space Meyer
(1e100)