Summary of Linux kernel security protections and attacks
The Linux kernel changes rapidly with each release, and each release adds new protections and mitigations that harden it against different categories of attack. Unlike on other platforms, Linux security features are not well advertised and are often documented only in a mailing-list thread. Since Linux is growing in popularity across different industry sectors, it is important for a researcher or an administrator to know what protection it provides against sophisticated attacks targeting the Linux kernel. In this session, I will take you through the different security features the Linux kernel has introduced over the years and their limitations or bypasses. We will go through a few demos to verify how these protections work and how they can be bypassed. At the end I will discuss what is missing from the Linux kernel and what can be improved in future. This talk will help security researchers identify the current Linux security protections and the gaps present in the Linux kernel. With this knowledge they can tune their products; for example, an AV vendor working on Linux security needs to know what protection is already present before building something new. A developer working on Linux kernel code can also use this session to identify the security issues their code may have, and what they need to take care of, or can safely ignore, to make their modules or components secure.
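As an added example that is not part of the talk or the speaker's material, the following shell script inventories a handful of the kernel protections the abstract refers to on a running Linux system: hardening sysctls, CPU-enforced mitigations visible in /proc/cpuinfo, and kconfig symbols. The sysctl names, kconfig symbols and CPU flags are real and documented; the helper names, the thresholds treated as "ok", and the sample inputs at the bottom are this example's own assumptions, and the list of knobs is illustrative rather than complete.

```shell
#!/bin/sh
# Added example, not from the talk: a small inventory of well-known Linux
# kernel hardening knobs. Helper names, "ok" thresholds and the sample inputs
# below are assumptions made for this example.

# verdict_sysctl NAME VALUE -> prints ok|weak|unknown.
# Threshold = the value at which the knob stops unprivileged users from
# learning kernel addresses, reading dmesg, loading BPF, attaching ptrace
# or profiling the kernel (assumed "good enough" for this example).
verdict_sysctl() {
    name=$1; value=$2
    case "$name" in
        kernel.kptr_restrict)             min=1 ;;  # hide %pK pointers from non-root
        kernel.dmesg_restrict)            min=1 ;;  # dmesg requires CAP_SYSLOG
        kernel.unprivileged_bpf_disabled) min=1 ;;  # no unprivileged bpf(2)
        kernel.yama.ptrace_scope)         min=1 ;;  # restrict PTRACE_ATTACH
        kernel.perf_event_paranoid)       min=2 ;;  # no kernel profiling for users
        *) echo unknown; return 0 ;;
    esac
    if [ "$value" -ge "$min" ] 2>/dev/null; then echo ok; else echo weak; fi
}

# verdict_cpuflags FLAGS -> "all" or "missing: <flags>" for smep/smap/pti,
# as they appear on the "flags:" line of /proc/cpuinfo on x86.
verdict_cpuflags() {
    missing=""
    for f in smep smap pti; do
        case " $1 " in *" $f "*) ;; *) missing="$missing $f" ;; esac
    done
    if [ -z "$missing" ]; then echo all; else echo "missing:$missing"; fi
}

# verdict_kconfig CONFIG_TEXT -> "all" or "missing: <symbols>" for a set of
# hardening kconfig options that should be =y (matched as whole lines).
verdict_kconfig() {
    missing=""
    for sym in CONFIG_RANDOMIZE_BASE CONFIG_STACKPROTECTOR_STRONG \
               CONFIG_STRICT_KERNEL_RWX CONFIG_HARDENED_USERCOPY \
               CONFIG_SLAB_FREELIST_HARDENED CONFIG_VMAP_STACK \
               CONFIG_FORTIFY_SOURCE CONFIG_INIT_STACK_ALL_ZERO; do
        printf '%s\n' "$1" | grep -qx "${sym}=y" || missing="$missing $sym"
    done
    if [ -z "$missing" ]; then echo all; else echo "missing:$missing"; fi
}

# live_report: run the checks against the running kernel, degrading gracefully
# when /proc/config.gz or /boot/config-$(uname -r) is not readable.
live_report() {
    for s in kernel.kptr_restrict kernel.dmesg_restrict \
             kernel.unprivileged_bpf_disabled kernel.yama.ptrace_scope \
             kernel.perf_event_paranoid; do
        p="/proc/sys/$(echo "$s" | tr . /)"
        if [ -r "$p" ]; then
            v=$(cat "$p"); printf '%-34s %s (%s)\n' "$s" "$v" "$(verdict_sysctl "$s" "$v")"
        else
            printf '%-34s absent\n' "$s"
        fi
    done
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    printf 'cpu flags: %s\n' "$(verdict_cpuflags "$flags")"
    if [ -r /proc/config.gz ]; then cfg=$(zcat /proc/config.gz)
    elif [ -r "/boot/config-$(uname -r)" ]; then cfg=$(cat "/boot/config-$(uname -r)")
    else cfg=""; fi
    if [ -n "$cfg" ]; then printf 'kconfig: %s\n' "$(verdict_kconfig "$cfg")"
    else echo 'kconfig: not readable'; fi
    grep -qw nokaslr /proc/cmdline 2>/dev/null && echo 'warning: nokaslr on kernel cmdline'
    return 0
}

# Constructed sample inputs (not from any real machine) so the checks can be
# exercised offline; STRICT_KERNEL_RWX is deliberately left unset.
SAMPLE_FLAGS='fpu vme de pse smep smap pti'
SAMPLE_CONFIG='CONFIG_RANDOMIZE_BASE=y
CONFIG_STACKPROTECTOR_STRONG=y
# CONFIG_STRICT_KERNEL_RWX is not set
CONFIG_HARDENED_USERCOPY=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_VMAP_STACK=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_INIT_STACK_ALL_ZERO=y'

# demo_report: the checks applied to the constructed samples.
demo_report() {
    printf 'sample kptr_restrict=0: %s\n' "$(verdict_sysctl kernel.kptr_restrict 0)"
    printf 'sample cpu flags: %s\n'      "$(verdict_cpuflags "$SAMPLE_FLAGS")"
    printf 'sample kconfig: %s\n'        "$(verdict_kconfig "$SAMPLE_CONFIG")"
}

if [ "${1:-}" = live ]; then live_report; else demo_report; fi
```

Run it with `live` as the first argument to inspect the running kernel; without arguments it only evaluates the constructed samples. The verdicts are coarse on purpose: a knob reading "ok" says the feature is configured, not that it has no known bypass, which is exactly the gap the talk sets out to cover.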
Shubham Dubey
Shubham is a Security Researcher 2 at Microsoft, where he works on Microsoft's Defender product. His expertise lies in low-level security and internals, including reverse engineering, exploitation and firmware security. Prior to joining Microsoft, Shubham was a security researcher at an antivirus company, working in the exploit prevention team, where he contributed to protecting customers from 0-days and vulnerabilities in the wild. Shubham has worked on multiple independent projects on kernel-level and firmware security. He owns a security blog, nixhacker.com, where you will find lots of content on low-level security and internals.