Abstract
The Linux kernel Berkeley Packet Filter (BPF) and its Just-In-Time (JIT) compiler are actively used in various pieces of networking equipment where filtering speed is especially important. In 2012, the Linux BPF/JIT compiler was shown to be vulnerable to a JIT spray attack; fixes were quickly merged into the Linux kernel in order to stop the attack. In this paper we show two modifications of the original attack which still succeed on a modern 4.4 Linux kernel, and demonstrate that JIT spray is still a major problem for the Linux BPF/JIT compiler. This work helped to make the case for further and proper countermeasures to the attack, which have then been merged into the 4.7 Linux kernel.
| Original language | English |
|---|---|
| Title of host publication | Network and System Security - 11th International Conference, NSS 2017, Proceedings |
| Publisher | Springer |
| Pages | 233-247 |
| Number of pages | 15 |
| Volume | 10394 LNCS |
| ISBN (Print) | 9783319647005 |
| DOIs | |
| Publication status | Published - 2017 |
| MoE publication type | A4 Article in a conference publication |
| Event | International Conference on Network and System Security - Helsinki, Helsinki, Finland Duration: 21 Aug 2017 → 23 Aug 2017 Conference number: 11 |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 10394 LNCS |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | International Conference on Network and System Security |
|---|---|
| Abbreviated title | NSS |
| Country/Territory | Finland |
| City | Helsinki |
| Period | 21/08/2017 → 23/08/2017 |
Keywords
- Berkeley Packet Filter
- JIT spray
- Network security