(Rodrigo Rubira Branco) Kernel Intrusion Detection System

This topic is closed.

I've been informed this presentation will not be happening (closed)

Rodrigo Rubira Branco, Software Engineering/IBM

This presentation intends to cover specifically the most necessary and most undocumented area of computer security: attacks on the core of the systems (kernel-level attacks, which can defeat the existing security models).

As we all know, security systems generally run with kernel privileges (like PaX, LIDS, SELinux and many others) and can be bypassed if the kernel itself has been compromised.

Attempts to protect kernel mode (like canary protection in kernel mode, introduced by Windows 2003, and the pax-randkstack/noexec protections) exist, but are restricted to protecting against the exploitation itself, not preventing the consequences of the exploitation.

St. Michael is an open-source project that covers Solaris and Linux (in the future, I plan to port it to NetBSD systems too) and tries to offer security integrity checks for those systems (it checks the filesystem, kernel structures and MBR of the system against any attempt to change them or any changes, and has the capability to recover the system or take it down).

During the presentation, many test attacks will be used to explain how St. Michael actually works to defeat/detect attacks. Also, a sample will be shown, using St. Michael and many other kernel-security-related tools (with a special focus on PaX).
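As an added illustration (not St. Michael's own code, which runs inside the kernel), the following user-space Python model shows the baseline/check/recover cycle the abstract describes: hash a set of files plus the 512-byte MBR, detect any change, and either restore the pristine copy ("recover") or leave the decision to halt ("take it down") to the caller. The `<mbr>` marker name, the function names and the constructed binary and disk-image bytes are assumptions of this example.

```python
import hashlib
import os
import tempfile
from pathlib import Path
MBR_SIZE = 512  # the boot sector occupies the first 512 bytes of the disk

def read_object(name, device):
    """Read a monitored object: '<mbr>' is the first 512 bytes of the device."""
    if name == "<mbr>":
        with open(device, "rb") as f:
            return f.read(MBR_SIZE)
    return Path(name).read_bytes()

def build_baseline(paths, device):
    """Record a hash and a pristine copy of every monitored object."""
    baseline = {}
    for name in list(paths) + ["<mbr>"]:
        data = read_object(name, device)
        baseline[name] = {"hash": hashlib.sha256(data).hexdigest(), "copy": data}
    return baseline

def check(baseline, device, recover=True):
    """Return names whose hash no longer matches; recover=True writes the copy back."""
    changed = []
    for name, rec in baseline.items():
        if hashlib.sha256(read_object(name, device)).hexdigest() == rec["hash"]:
            continue
        changed.append(name)
        if recover:
            is_mbr = name == "<mbr>"
            with open(device if is_mbr else name, "r+b") as f:
                f.write(rec["copy"])
                if not is_mbr:
                    f.truncate()  # files are replaced whole; the MBR is a fixed prefix
    return changed

def demo():
    # constructed scenario: a fake binary and a fake disk image in a temp dir
    d = tempfile.mkdtemp()
    binary, disk = os.path.join(d, "login"), os.path.join(d, "disk.img")
    Path(binary).write_bytes(b"\x7fELF original login\n")
    Path(disk).write_bytes(b"\xeb\x3c" + b"\x00" * 508 + b"\x55\xaa" + b"\x00" * 512)
    base = build_baseline([binary], disk)
    Path(binary).write_bytes(b"\x7fELF modified login\n")  # unauthorized change
    with open(disk, "r+b") as f:                            # boot code overwritten
        f.write(b"\x90" * 16)
    first = check(base, disk)   # detects both objects and restores them
    second = check(base, disk)  # clean again after recovery
    return sorted(os.path.basename(n) for n in first), second
```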

Rodrigo Rubira Branco (BSDaemon) is a Software Engineer at IBM and a member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC) Brazil.

He is the maintainer of the St. Michael/St. Jude projects and the developer of SCMorphism, and has given talks at the most important security-related events in Brazil (H2HC, SSI, CNASI). He is also a member of Rise Research.