Today the Linux kernel is used on a wide variety of devices and platforms. To support them, the kernel carries a large number of features: more than 30 architectures, 300 feature groups, and 20,000 configuration options. This variety of features widens the attack surface of the Linux kernel, e.g. CVE-2016-3955, a buffer overflow in USB/IP, and CVE-2017-6074, a double-free in DCCP. As a result, the Linux kernel needs to be tailored to its intended use. However, configuration is hard because of the excessive number of options and choices. Earlier methods exist, such as undertaker-tailor and the kernel make option (localmodconfig), but they are impractical and insufficient. In this presentation, we introduce an improved approach: a fully automatic system to tailor the Linux kernel. First, we go through the pros and cons of related work; then we describe the design of our system and demonstrate how it works and minimizes the Linux kernel.
Cyber Security Researcher, The Affiliated Institute of ETRI
Junghwan Kang is a senior security researcher at The Affiliated Institute of Electronics and Telecommunications Research Institute of South Korea. He has focused for years on systematic methods and techniques to harden the security of a customized Linux distribution.