Session Leader: emaste
Notes: https://hackmd.io/oZVxl9w7RkSMZmXow_3Gig (content has been migrated to this page)

CPU Security

Architectural Security Features
- SGX
  - Ruslan update
  - theraven: having paging support in FreeBSD is useful
  - GELI
  - QEMU, hardware in test cluster perhaps
- MKTME - per-page-table encryption
  - and AMD equivalent
- TPM support
  - libtrousers
- IBT (Indirect Branch Tracking)
  - toolchain support: available for amd64 today
  - amd64 requires kernel support for alternate permission bits (not in PTEs)
- Shadow Stack
  - breaks retpoline
  - Google thing: xor RA with stack pointer
- Pointer Authentication (Arm)
  http://events17.linuxfoundation.org/sites/events/files/slides/slides_23.pdf
  - ARMv8.3-A paciasp autiasp
  - PAC in previously reserved bits (e.g. 7 or 15 bits)
  - auth failure results in invalid pointer (non-canonical)
  - Clang support state unknown
  - a subset of the PAC instructions sit in NOP space on previous architecture versions
  - Linux using for PLTGOT
  - Return address protection
    - can use return address as stack canary
- PXN, UXN, PAN, SMAP, SMEP
  - arm64, amd64 - believe done?
  - RISC-V not yet
  - POWER ???
- IOMMU use
  - who will do it?
- Tagged pointers
  - research area
  - software implementations - high overhead
  - may appear in llvm
- CHERI
  - how do we promote the knowledge that pointers are not integers?
  - type-aware copyin/copyout ; clang-generated marshal/unmarshal code
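The Pointer Authentication bullets above (a PAC in the previously reserved upper address bits, authentication failure producing a non-canonical pointer, and the return address bound to the stack pointer, which is also the intent behind the "xor RA with stack pointer" idea under Shadow Stack) as an added C model. This is not code from the notes, from FreeBSD or from Arm: it assumes 48-bit virtual addresses with a 16-bit PAC in bits 48..63, uses a toy mixer where real hardware uses a QARMA-based MAC, and uses a constant key where hardware keeps per-process keys in system registers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Educational software model of ARMv8.3 pointer authentication (PAC).
 * Assumptions (not from the notes): 48-bit virtual addresses, so bits
 * 48..63 are the "previously reserved" bits that hold a 16-bit PAC; a
 * toy keyed mixer stands in for the hardware MAC; the key is a constant. */

#define VA_BITS       48
#define ADDR_MASK     ((1ULL << VA_BITS) - 1)
#define PAC_MASK      (~ADDR_MASK)
#define PAC_ERROR_BIT (1ULL << 62)   /* where this model parks the failure marker */

/* A user pointer is canonical in this model when all PAC bits are clear. */
bool is_canonical(uint64_t p) { return (p & PAC_MASK) == 0; }

/* Toy 64-bit mixer (splitmix64 finalizer): NOT a cryptographic MAC. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Toy PAC over (address, modifier) under key, returned in bits 48..63. */
static uint64_t toy_pac(uint64_t key, uint64_t addr, uint64_t modifier) {
    uint64_t t = mix(key);
    t = mix(t ^ addr);
    t = mix(t ^ modifier);
    return t & PAC_MASK;
}

/* pacia-like: attach a PAC computed over the address and a modifier
 * (the stack pointer for paciasp) to the upper bits of the pointer. */
uint64_t pac_sign(uint64_t key, uint64_t ptr, uint64_t modifier) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | toy_pac(key, addr, modifier);
}

/* autia-like: recompute the PAC and strip it if it matches; otherwise hand
 * back a pointer that is guaranteed non-canonical, so the following load,
 * branch or ret faults instead of silently using a forged value. */
uint64_t pac_auth(uint64_t key, uint64_t signed_ptr, uint64_t modifier) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    if ((signed_ptr & PAC_MASK) == toy_pac(key, addr, modifier))
        return addr;
    return addr | PAC_ERROR_BIT;
}

/* Model of a prologue/epilogue pair: sign the return address with the stack
 * pointer as modifier, store it in the frame (optionally corrupted by
 * tamper_xor, standing in for a stack overwrite), then authenticate it on
 * return. Returns the value a 'ret' would consume. */
uint64_t frame_roundtrip(uint64_t key, uint64_t ra, uint64_t sp, uint64_t tamper_xor) {
    uint64_t saved = pac_sign(key, ra, sp);   /* paciasp ; str lr, [sp, ...] */
    saved ^= tamper_xor;                      /* the overwrite, if any      */
    return pac_auth(key, saved, sp);          /* ldr lr, [sp, ...] ; autiasp */
}

/* Count how many of n wrong stack pointers reject a signed return address:
 * reusing a saved RA in a different frame should fail authentication in all
 * but the rare accidental 16-bit collision. */
int count_rejected_with_wrong_sp(uint64_t key, uint64_t ra, uint64_t sp, int n) {
    uint64_t saved = pac_sign(key, ra, sp);
    int rejected = 0;
    for (int i = 1; i <= n; i++)
        if (!is_canonical(pac_auth(key, saved, sp + 16ULL * i)))
            rejected++;
    return rejected;
}

int main(void) {
    const uint64_t key = 0x0123456789abcdefULL;  /* constructed demo key       */
    const uint64_t ra  = 0x00007fff00401234ULL;  /* constructed return address */
    const uint64_t sp  = 0x00007fffffffe000ULL;  /* constructed stack pointer  */

    uint64_t ok  = frame_roundtrip(key, ra, sp, 0);
    uint64_t bad = frame_roundtrip(key, ra, sp, 1ULL << 50);  /* one PAC bit flipped */
    printf("intact frame    -> %#018llx canonical=%d\n", (unsigned long long)ok, is_canonical(ok));
    printf("corrupted frame -> %#018llx canonical=%d\n", (unsigned long long)bad, is_canonical(bad));
    printf("wrong-sp reuse rejected %d/256\n", count_rejected_with_wrong_sp(key, ra, sp, 256));
    return 0;
}
```

The modifier is what turns a signed return address into the "stack canary" the notes mention: the same RA saved in a different frame, or a frame whose saved slot was overwritten, no longer authenticates, and the non-canonical result faults at the next use rather than redirecting control. A 16-bit PAC still leaves a small brute-force window per guess, which is why the width matters and why the failure must fault rather than be retried silently.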
Speculative Execution
- RH talk - static analysis
  - smatch - some support for finding Spectre v1 gadgets
- Clang SLH (Speculative Load Hardening): http://llvm.org/docs/SpeculativeLoadHardening.html

Policy Questions
- How do we ensure this actually gets used?
  - e.g. GELI TPM
  - ssh-agent
  - shipping kernel modules as LLVM IR?
- Windows virtualization-based security
  - hyper-v enclaves
  - virtual TPM

Vulnerability Mitigations
- Kernel memory permissions
  - kernel segments done for amd64, needs to be done for everything else
  - kernel modules
    - fairly straightforward
    - mips, amd64 use .o, everything else .so
    - opportunity to find RW memory that could be demoted to RO
- W^X
- ASLR