Linux Kernel Runtime Guard (LKRG) 1.0 - Runtime Integrity Checking and Security Vulnerability Detection

nullcon via YouTube

Overview

Explore the Linux Kernel Runtime Guard (LKRG) 1.0 in this 48-minute conference talk that provides comprehensive coverage of a critical kernel security module. Learn about LKRG's runtime integrity checking capabilities for the Linux kernel, including detection of security vulnerability exploits, prevention and response mechanisms for successful attacks, and encrypted remote logging functionality. Discover the project's evolution from its 2018 public release under the Openwall umbrella to its current mature 1.0 status, supported by organizations like Binarly and CIQ. Understand LKRG's security and threat models, examine its technical implementation methods, and see how it fits within the broader landscape of kernel hardening solutions, from kernel patches to eBPF technologies. Gain insights into the challenges of maintaining an out-of-tree kernel module that hooks into numerous unexported kernel functions while supporting an extensive range of kernel versions from CentOS 7's "3.10" to the latest 6.x mainline releases. Explore the project's continuous integration practices, the various trade-offs involved in development, and its proven effectiveness against rootkits and exploits in production environments. Learn about known bypasses and the development team's approach to addressing them, review the most challenging bugs and risk assessments encountered, and understand current adoption patterns in distributions and commercial products. Discover future development plans focusing on enhanced maturity, improved self-protection mechanisms, and expanded detection and prevention capabilities for userspace attacks.

Syllabus

#NullconBerlin2025 | Linux Kernel Runtime Guard (LKRG) 1.0 by Solar Designer

Taught by

nullcon
