github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-10-31 08:50:30 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2153 from riyazdf/sig-memorizer-notes

Browse Source 
sig-security: add meeting notes from 2017-07-05
This commit is contained in:
Riyaz Faizullabhoy
2017-07-05 13:58:42 -07:00
committed by GitHub
parent bfb82fb8aa aaa39763b4
commit 3f89a60736
1 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
reports/sig-security/2017-07-05.md
View File

@@ -20,3 +20,45 @@ Previous meeting notes: [2017-06-21](2017-06-21.md)
- Next meeting: 2017-07-19 - Next meeting: 2017-07-19
- deep dive TBD - deep dive TBD
- we can propose additional deep dives and discussion topics! - we can propose additional deep dives and discussion topics!
## Meeting Notes
Scribe: @mgoelzer
- Next meeting: July 19th
- Automatic Privilege Separation
- OPS = opportunistic privilege separation (meta project)
- Our infra operates on a large, untrusted code base. Easily exploitable. “Titanic”
- Lots of layers of vulnerable code.
- Lots of code. E.g., Every version of Linux kernel is >1000 developers contributing
- Monolithic
- Strategies to address these problems:
- Replace (microkernel), or
- Harden + Separate
- Harden = making external shell more resistant to attack
- Separate = each internal component having minimal privileges so even a compromised component can do only limited damage (eg SELinux, Landlock)
- What about flipping the script? - by default everything is protected and then whitelist
- In contrast to current model where by default you have access to everything and then you bolt on protections after the fact
- Limitations of existing approaches
- No ephemeral state
- manual policy
- dont address kernel principles
- lack of visibility into app
- (others mentioned)
- Tools / Projects:
- OPS (Opportunistic Priv. Sep.): end to end approach for fine grained security policy retrofitting
- Core hypoth: we can automatically derive policies from system behavior. Use ML to set up initial separation policy.
- Similar to an optimizing compiler.
- LINX: linux nested kernel
- kr^x: kernel randomization
- Memorizer: dynamic tracer
- Creates “maps” (like CAPs)
- CAPMAPs
- Takes kernel source -> pass it through instrumentation (piggybacking on kernel address sanitizer to hook all allocations with KASAN) -> now all allocs are hooked
- Stack is hooked through KASAN
- SLICE