Description
KASAN is a kernel sanitizer commonly combined with fuzzing techniques to detect memory corruption bugs, some of which could lead to security compromise. Currently, FreeBSD's KASAN can only detect a subset of temporal safety vulnerabilities because it has no mechanism to delay the release of freed items back to the allocator. The effectiveness of detecting spatial safety vulnerabilities is likewise limited because FreeBSD's KASAN does not add redzone padding around UMA allocations.
In this talk, I will present my current work on improving the effectiveness of KASAN by extending it with a quarantining mechanism and injecting redzones around UMA allocations. The development was done on CheriBSD, a fork of FreeBSD with CHERI support, to explore the synergy between CHERI and KASAN. I plan to upstream the relevant improvements to FreeBSD.
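To make the two weaknesses concrete, the following added example (constructed for this page; it is not FreeBSD, CheriBSD or the speaker's code) models a single slab zone with a one-byte-per-byte shadow map, in the spirit of KASAN. The zone can be built with or without a trailing redzone on each item, and with or without a quarantine that holds freed items back before they return to the free list. The function names (`zalloc`, `zfree`, `kasan_check`, `demo_uaf`, `demo_oob`), the 1:1 shadow granularity and the sizes are assumptions chosen for readability; the real KASAN uses an 8:1 shadow and UMA's item layout differs.

```c
/* Toy model of a KASAN-instrumented slab zone (constructed example, not
 * FreeBSD/CheriBSD code). One shadow byte per pool byte: 0 = addressable,
 * non-zero = poisoned (redzone or freed). Sizes are illustrative. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE   32   /* item size of the toy zone */
#define REDZONE      8   /* trailing redzone when enabled */
#define NSLOTS       8
#define QUARANTINE   4   /* freed items held back before reuse */

enum { ADDRESSABLE = 0, POISON_REDZONE = 0xfa, POISON_FREED = 0xfb };

static uint8_t pool[NSLOTS * SLOT_SIZE];
static uint8_t shadow[NSLOTS * SLOT_SIZE];
static int freelist[NSLOTS], nfree;
static int quarantine[QUARANTINE], qhead, qlen;
static int use_redzone, use_quarantine;

static void poison(size_t off, size_t len, uint8_t v) { memset(shadow + off, v, len); }

/* Reset the zone; free slots are poisoned until handed out. */
static void kasan_init(int redzone, int quar)
{
    use_redzone = redzone;
    use_quarantine = quar;
    nfree = 0;
    for (int i = NSLOTS - 1; i >= 0; i--)   /* pop order: slot 0, 1, 2, ... */
        freelist[nfree++] = i;
    qhead = qlen = 0;
    poison(0, sizeof shadow, POISON_FREED);
}

static size_t usable(void) { return use_redzone ? SLOT_SIZE - REDZONE : SLOT_SIZE; }

static void *zalloc(void)
{
    if (nfree == 0) return NULL;
    int slot = freelist[--nfree];
    size_t off = (size_t)slot * SLOT_SIZE;
    poison(off, usable(), ADDRESSABLE);            /* caller-visible bytes */
    if (use_redzone)
        poison(off + usable(), REDZONE, POISON_REDZONE);
    return pool + off;
}

static void zfree(void *p)
{
    int slot = (int)(((uint8_t *)p - pool) / SLOT_SIZE);
    poison((size_t)slot * SLOT_SIZE, SLOT_SIZE, POISON_FREED);
    if (!use_quarantine) { freelist[nfree++] = slot; return; }
    if (qlen == QUARANTINE) {                      /* evict the oldest item */
        freelist[nfree++] = quarantine[qhead];
        qhead = (qhead + 1) % QUARANTINE;
        qlen--;
    }
    quarantine[(qhead + qlen) % QUARANTINE] = slot;
    qlen++;
}

/* Instrumented access check: 1 if every byte is addressable, else 0 plus a report. */
static int kasan_check(const void *p, size_t len, const char *what)
{
    size_t off = (size_t)((const uint8_t *)p - pool);
    for (size_t i = 0; i < len; i++)
        if (shadow[off + i] != ADDRESSABLE) {
            printf("KASAN: %s at pool+%zu (shadow 0x%02x)\n", what, off + i, shadow[off + i]);
            return 0;
        }
    return 1;
}

/* Use-after-free: without a quarantine the freed slot is handed straight back
 * to the next allocation, so the stale pointer is addressable again. Returns 1 if detected. */
int demo_uaf(int quar)
{
    kasan_init(0, quar);
    uint8_t *p = zalloc();
    zfree(p);
    uint8_t *q = zalloc();   /* without quarantine this is the same slot as p */
    (void)q;
    return !kasan_check(p, 8, "use-after-free");
}

/* One-byte linear overflow: without a redzone the byte past the usable region
 * is the first byte of a live neighboring item. Returns 1 if detected. */
int demo_oob(int redzone)
{
    kasan_init(redzone, 0);
    uint8_t *p = zalloc();
    uint8_t *neighbor = zalloc();   /* adjacent, live item */
    (void)neighbor;
    return !kasan_check(p + usable(), 1, "slab-out-of-bounds");
}

int main(void)
{
    printf("UAF  detected: quarantine off=%d on=%d\n", demo_uaf(0), demo_uaf(1));
    printf("OOB  detected: redzone off=%d on=%d\n", demo_oob(0), demo_oob(1));
    return 0;
}
```

Both missed cases come from the allocator's layout rather than from the sanitizer's check: the check is the same in all four runs, but without the quarantine the stale pointer points at freshly unpoisoned memory, and without the redzone the overflow lands in a neighbor that is legitimately addressable. This is why the improvements described above target the allocator side (delayed reuse and redzone padding) rather than the instrumentation.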
One-line summary: This talk discusses improvements to FreeBSD KASAN to address current weaknesses.