Overview
Explore a comprehensive conference talk examining a decade of Linux kernel security improvements through the Linux Kernel Self-Protection Project. Learn about the systematic approach to eliminating entire bug classes and blocking exploitation methods that has transformed Linux security since 2015. Discover how bug classes such as VLAs, set_fs(), switch fall-through, and uninitialized stack variables (through stack variable zeroing) have been completely eliminated, while gaining insight into widespread mitigation coverage for refcount overflow, FORTIFY_SOURCE, allocation overflow, and array overflow issues. Understand the exploit-blocking mechanisms now protecting the kernel, including vmap stack, W^X enforcement, KASLR, slab hardening, %p hashing, IBT/BTI, SCS, and KCFI. Examine attack surface reduction techniques such as seccomp, __ro_after_init, and lockdown that have strengthened kernel security. Analyze the measurable impact of these security enhancements through bug class frequency and severity trend data, and explore emerging challenges like use-after-free vulnerabilities, which represent the next frontier in kernel self-protection research and development.
Syllabus
Kernel Hardening: Ten Years Deep - Kees Cook, Google
Taught by
Linux Foundation