Portland Linux/Unix Group: Hardware-Assisted Fine-Grained Control-Flow Integrity: Adding Lasers to Intel's CET/IBT

Online

We are using jit.si, now self-hosted, until it proves to be a problem

Description

Portland Linux/Unix Group General Meeting Announcement

Who: João Corrêa
What: Hardware-Assisted Fine-Grained Control-Flow Integrity: Adding Lasers to Intel's CET/IBT
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, September 2nd, 2021 at 7pm Pacific
Why: The pursuit of technology freedom

This talk presents FineIBT, a compiler-based enhancement that enables fine-grained forward-edge Control-Flow Integrity (CFI) policies on top of Intel's Control-flow Enforcement Technology (CET). By combining the new hardware features with compiler instrumentation, FineIBT anchors indirect control transfers to sanity checks, enabling policies more restrictive than those supported by CET alone and increasing its effectiveness against control-flow hijacking attacks. An evaluation through custom benchmarks showed that FineIBT provides similar security guarantees at lower performance cost than Clang CFI, keeping its penalty between 1% and 7% while the latter added overheads between 5% and 53%. Beyond that, FineIBT has other perks, such as benefiting from CET's hardening against transient execution attacks and not depending on Link-Time Optimizations. This talk will explore the FineIBT implementation recently sent to the kernel-hardening mailing list, then discuss specific scenarios, such as how it could be used in the Linux kernel, possible improvements and expected challenges.

Technical reference: https://www.openwall.com/lists/kernel-hardening/2021/02/11/1

João is an Offensive Security Researcher at Intel. His research interests are mostly focused on compiler-enabled features and analyses, but he will normally be down to chat about anything that involves binaries. João holds a PhD from the University of Campinas, where he worked on kCFI, a Control-Flow Integrity implementation for the Linux kernel (featured at Black Hat Asia 2017). He also spent some time working for SUSE, where he bootstrapped the development of libpulp, a user-space live patching framework (featured at Linux Developers Conference Brazil 2019 and SUSE Labs Conference 2018).

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.
