Linux kernel security is a very complex topic. To learn it, I created a Linux Kernel Defence Map showing the relationships between:
- Vulnerability classes
- Exploitation techniques
- Bug detection mechanisms
- Defence technologies
These kernel defence technologies have the corresponding Kconfig options.
A lot of them are not enabled by the major Linux distributions.
So I created a kconfig-hardened-check tool that can help to examine security-related options in your Linux kernel config.
In this short talk we will follow the Linux Kernel Defence Map and explore the kconfig-hardened-check tool.
|I agree to abide by the anti-harassment policy||I agree|