September 15 - 16, 2022 | Dublin, Ireland + Virtual
Note: The schedule is subject to change.

Please note all session times are listed in Irish Standard Time (IST), UTC +1.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Thursday, September 15
 

11:15 IST

HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Kernel - Yueqi Chen, University of Colorado Boulder & Zhenpeng Li, Northwestern University
Oftentimes there can be a large window between a kernel vulnerability disclosure and its remediation, leaving the system open for exploitation. In this talk, we will present the design of a mechanism that can protect the Linux kernel from memory exploitation during this time window. In addition to this, this protection has the following extra advantages: 1) enabled on-the-fly without recompiling/rebooting the system. 2) independent of hardware features and hypervisor - can be widely deployed in various scenarios (e.g., embedded systems and cloud servers). 3) lightweight - overall 2% - 3% performance overhead. In this talk, we will describe the design and evaluation of this protection. We will start from its static analysis part which identifies vulnerable structures (i.e., where corruption happens) that need separation. Then, we will describe how we extend the eBPF mechanism and virtual memory allocator to isolate vulnerable structures on-the-fly and thus avoid overwriting/overreading sensitive kernel data. Finally, we will systematically evaluate the protection's performance at different levels of granularity and measure its security improvement using a set of real-world attacks.

Speakers

Yueqi Chen

Assistant Professor, University of Colorado Boulder
Yueqi Chen is an Assistant Professor in the Department of Computer Science at the University of Colorado Boulder. He was awarded the IBM Ph.D. Fellowship 2020-2022. In general, his research focuses on system security and software security. He is particularly interested in developing...

Zhenpeng Li

Ph.D. Student, Northwestern University
Zhenpeng Lin is a Ph.D. student at Northwestern University, advised by Dr. Xinyu Xing. His research focuses on OS exploitation and defense. He loves hacking in the real world. As an exploiter, he has demonstrated many Linux kernel exploitations on Google's products (COS) on KCTF VRP...


Thursday September 15, 2022 11:15 - 12:00 IST
Liffey A (Level 1)

13:30 IST

Device Attestation in Hardware TEE based Confidential Computing - Jiewen Yao & Jun Nakajima, Intel
Confidential computing protects data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). One use case is that a TEE virtual machine (VM) may want to transfer the workload to a device for acceleration. In order to maintain the confidentiality of the workload, the VM should perform the device attestation to ensure that the VM is communicating with an authentic device with expected status, such as secure version number and mutable firmware measurement version. This presentation will discuss the device attestation model and how to apply the model to support the device attestation in the TEE VM, including how the VM collects the device identity and evidence information and how the VM verifies the information before accepting the device for offloading the workload.

Speakers

Jiewen Yao

Principal Engineer, Intel
Jiewen Yao is a principal engineer in the Intel Software and Advanced Technology Group. He has been engaged as a firmware developer for over 18 years and is working on Intel's confidential computing solution. In the industry, he is chairing the DMTF SPDM code task force, and is a member of...

Jun Nakajima

Sr. Principal Engineer, Intel Corporation
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading virtualization and security for open source projects. Jun presented a number of times at technical conferences, including LSS, KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX...



Thursday September 15, 2022 13:30 - 14:15 IST
Liffey A (Level 1)
  Refereed Presentations
  • Speaker Details Virtual
  • Presentation Slides Attached Yes

15:35 IST

Secure and Dynamic Hardware Partitioning Management on Heterogeneous SoC - Zahra Tarkhani, Microsoft Corporation
Heterogeneous SoC architectures enable a wide range of functionalities, notably for modern IoT/edge platforms. Modern SoCs contain heterogeneous CPUs (e.g., a combination of ARM and RISC-V architectures) and peripherals. As a result, the systems stack on such devices includes multiple OSs (e.g., Linux and FreeRTOS), hypervisors, or TEEs (trusted execution environments). Hence secure partitioning and sharing hardware resources within such complex system layers is challenging. Static hardware partitioning at boot time cannot satisfy most use cases' security, performance, or compatibility requirements. This talk describes a hardware-assisted dynamic partitioning framework for Linux- and TEE-based heterogeneous architectures. We first summarise state-of-the-art hardware features for fine-grained privilege separation. Then we discuss how our solution modifies the Linux kernel, trusted firmware, and TEE kernel to achieve this goal while resolving various security and functionality challenges.

Speakers

Zahra Tarkhani

Microsoft
Zahra has a strong background in systems and security. Currently, at Microsoft, she works on projects related to hardware-assisted security, virtualization techniques, and privilege separation solutions. She also holds a PhD in Computer Science from University of Cambridge, Computer...



Thursday September 15, 2022 15:35 - 16:20 IST
Liffey A (Level 1)
  Refereed Presentations
  • Speaker Details Virtual
  • Presentation Slides Attached Yes
 
Friday, September 16
 

10:25 IST

Finally, a Smack Reference Policy - Casey Schaufler, The Smack Project
The Simplified Mandatory Access Control Kernel (Smack) Linux security module was introduced in 2008 and is currently used in millions of devices. Unlike SELinux and AppArmor, Smack has never been supported by a major Linux distribution. The greatest barriers to distribution support have been that only one "major" security module can be used at a time and that there has been no example of a Smack rule set to use as a basis for a distribution's policy. In this talk Casey Schaufler, the author of Smack, will describe a new effort to create a reference set of Smack rules and apply it to a major Linux distribution. The talk starts with a description of how Smack rules work and how they differ from SELinux and AppArmor policy. It moves on to cover the threats being addressed and how a "three domain" approach provides the required protection. How a distribution to target was chosen is revealed and what steps are taken to keep the scheme flexible enough to be useful elsewhere. The current state of the effort and the identified challenges are presented. Finally, there will be an invitation for additional participation in the project.

Speakers

Casey Schaufler

Founder, The Smack Project
Casey Schaufler founded the Smack project in 2006 after an especially heated debate with the SELinux developers on a topic now long forgotten. He has been developing secure operating systems since the late 1980's, starting the system that became Trusted Solaris and architecting Trusted...



Friday September 16, 2022 10:25 - 11:10 IST
Liffey A (Level 1)
  Refereed Presentations
  • Speaker Details Virtual
  • Presentation Slides Attached Yes

14:20 IST

Introducing IO Devices into Trusted Execution Environments - Jun Nakajima, Intel Corporation
Confidential computing protects data in use by performing computation in a hardware-based Trusted Execution Environment (TEE) such as Intel SGX or Intel’s upcoming Trust Domain Extensions (Intel TDX). Today, PCIe-attached devices are outside the TEE’s trust boundary and not allowed to read/write confidential memory. This limitation requires TEE VMs to stage the data sent or received from devices in a shared memory buffer accessible to the TEE, IO device and VMM. Further, to protect the confidentiality and integrity of data in the buffer, the data must be encrypted by the sender (either the IO device or TEE VM), transferred to the shared buffer, then decrypted by the receiving entity using software-based encryption/decryption. This process results in additional latency and overhead that negatively impacts application performance. This presentation will focus on security and software changes required to support IO in trusted execution environments. The software requirements for TEE VMs to securely use a device in the Trusted Computing Base with DMA operations against confidential memory using encryption/decryption will be discussed.

Speakers

Jun Nakajima

Sr. Principal Engineer, Intel Corporation
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading virtualization and security for open source projects. Jun presented a number of times at technical conferences, including LSS, KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX...



Friday September 16, 2022 14:20 - 15:05 IST
Liffey A (Level 1)
  Refereed Presentations
  • Speaker Details Virtual
  • Presentation Slides Attached Yes
 