Linux Security Summit USA 2018

Some new features of kernel security

Posted by jiayy on August 28, 2018

Yesterday (2018-08-27), at the Linux Security Summit USA 2018, Jeff Vander Stoep and Sami Tolvanen from Google gave their talk "Year in Review: Android Kernel Security".

In this talk, they shared some valuable information about Android kernel security:

  • 1/3 of Android vulnerabilities belong to the kernel
  • attack surface reduction mitigations (such as SELinux) work very well
  • other userspace-to-kernel mitigations: hardened usercopy and PAN
  • other access vectors, such as Wi-Fi/USB/DSP/Bluetooth/modem, lack mitigations
  • the first Android devices with LTO+CFI kernels will ship this year, using LLVM's CFI

The most important thing is the introduction of CFI.