September 27-30, 2021
Seattle, Washington, USA + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + Embedded Linux Conference + OSPOCon 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Tuesday, September 28 • 5:00pm - 5:50pm
(VIRTUAL) Lessons Learned Applying Compile-time Hardening Options for Security-Critical Program Binary in Linux - ChulWoo Lee, The Affiliated Institute of ETRI

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Compile-time hardening options are usually used to protect program binary against memory corruption attacks. Programs included in current Linux distributions are built with default hardening options like Stack Canary, ASLR, NX bit, and RELRO. However, these default settings aren’t enough to mitigate memory corruption attacks as there are various exploit skills to bypass the mitigation techniques without difficulty. To fill the bypass hole, many groups like KSPP (Kernel Self Protection Project), Android try to enable a more sophisticated hardening option like Clang CFI(Control Flow Integrity), Safestack to their packages. This presentation shows the results of enabling Clang CFI and Safestack and rebuilding packages that are considered important for security on Linux distributions such as systemd, sudo, passwd. When the hardening options are enabled, a number of build and testing errors occurs in many packages. But the errors can be fixed through several ways. These lessons are expected to be useful for Linux developers who are interested in hardening program binaries and system administrators who want to improve the security of a Linux system in operation.


ChulWoo Lee

Cyber Security Researcher, The Affiliated Institute of ETRI
ChulWoo Lee is a senior security researcher at The Affiliated Institute of Electronics and Telecommunications Research Institute of South Korea. He has interested in testing and hardening of Linux application for years. Currently, he research for implementing security mitigation techniques... Read More →

Tuesday September 28, 2021 5:00pm - 5:50pm PDT
MeetingPlay Platform + Virtual Learning Lab
  Linux Systems, Security