Learn about a new technique for detecting and stopping 0-day exploitations in the Linux kernel through this 28-minute Black Hat presentation. Discover how dynamic sandboxing of exploitable functions and modules can be deployed in scenarios where service interruption and system reboots are unacceptable, while maintaining minimal performance overhead and memory footprint. Explore two key innovations: an eBPF-based runtime checking mechanism ensuring code integrity, data integrity, and argument authentication, and kernel-embedded machine learning models that detect malicious exploitation behaviors. See a demonstration using CVE-2022-0995 as a case study with detailed measurement results. Understand how this technique can be applied when loading device drivers from untrusted vendors, detecting in-the-wild exploits, and preventatively sandboxing low-quality kernel code with vulnerability histories. Presented by researchers from the University of Colorado Boulder, Arizona State University, and Nanjing University.