
Lab on Kernel Hardening

Table of Contents

1 Background

  1. Prerequisite:: Successful completion of the SysCalls lab.
  2. Prerequisite:: Apply all known patches for security. http://www.linuxsecurity.com/
  3. Prerequisite:: Build a kernel yourself. Be fully conversant with creating a .config file.
  4. Admitted:: We do not know deeply enough about OS kernels in general, and the Linux kernel in particular.
  5. Goal:: Even so, we can successfully build and deploy a secure kernel.
  6. Awareness:: On my Kubuntu system, grep apparmor /proc/kallsyms | wc -l produces 80, and grep selinux /proc/kallsyms | wc -l produces 288. Check your system.

2 Tasks

  1. In each task, you are expected to build, document your build, deploy, and demo the deployed kernel. All of these should be thoroughly described in the report.

2.1 Task: Kernel with No-SELinux [20 points]

  1. Include AppArmor, exclude SELinux. Show that grep selinux /proc/kallsyms | wc -l comes out as (near) zero.
  2. Provide 5 extra slots for new syscalls in the sys-call-table

2.2 Task: Kernel with No-AppArmor [20 points]

  1. Exclude AppArmor, include SELinux. Show that grep apparmor /proc/kallsyms | wc -l comes out as (near) zero.
  2. Provide 5 extra slots for new syscalls in the sys-call-table
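As an added example (not part of this handout), a POSIX shell script that checks a build for Task 2.1 or 2.2 against both the kernel .config and the deployed kernel's /proc/kallsyms; the script name, and the threshold of 5 leftover symbols as the meaning of "near zero", are assumptions.

```shell
#!/bin/sh
# Added example (not from the lab handout): check that a built kernel keeps
# one LSM and drops the other, as Tasks 2.1 and 2.2 require. Inputs: the
# kernel .config and a kallsyms listing (/proc/kallsyms on the deployed kernel
# or a saved copy). CONFIG_SECURITY_SELINUX / _APPARMOR are the Kconfig options.

# Count kallsyms entries whose symbol name (field 3) contains $2,
# ignoring case. Line format: "<address> <type> <name> [module]".
count_syms() {
    awk -v pat="$2" 'tolower($3) ~ tolower(pat) { n++ } END { print n + 0 }' "$1"
}

# Succeed (exit 0) if option $2 is "=y" in .config $1, else fail.
config_set() {
    grep -q "^$2=y$" "$1"
}

# $1 = .config, $2 = kallsyms file, $3 = LSM to keep (SELINUX|APPARMOR),
# $4 = LSM to drop, $5 = how many leftover $4 symbols still count as
# "near zero" (assumed default 5). Prints findings; returns 0 only if all pass.
check_lsm_build() {
    config="$1"; syms="$2"; keep="$3"; drop="$4"; limit="${5:-5}"; status=0
    config_set "$config" "CONFIG_SECURITY_$keep" ||
        { echo "FAIL: CONFIG_SECURITY_$keep is not =y"; status=1; }
    if config_set "$config" "CONFIG_SECURITY_$drop"; then
        echo "FAIL: CONFIG_SECURITY_$drop is still =y"; status=1
    fi
    n=$(count_syms "$syms" "$drop")
    if [ "$n" -ge "$limit" ]; then
        echo "FAIL: $n symbols mention $drop (limit $limit)"; status=1
    fi
    echo "INFO: $keep symbols: $(count_syms "$syms" "$keep"); $drop symbols: $n"
    return "$status"
}
# Constructed sample data (fake addresses) modelling a No-SELinux build;
# writes config and kallsyms into a temp dir and prints the dir name.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'CONFIG_SECURITY=y' 'CONFIG_SECURITY_APPARMOR=y' \
        '# CONFIG_SECURITY_SELINUX is not set' > "$dir/config"
    printf '%s\n' 'ffffffff81000000 T apparmor_init' \
        'ffffffff81000010 t apparmor_file_permission' \
        'ffffffff81000020 T selinux_init' \
        'ffffffff81000030 d security_hook_heads' > "$dir/kallsyms"
    echo "$dir"
}

# With 4+ args, check a real build: sh check_lsm.sh /boot/config-"$(uname -r)" /proc/kallsyms APPARMOR SELINUX
if [ "$#" -ge 4 ]; then check_lsm_build "$@"; fi
```

Run the same script with the roles swapped (SELINUX APPARMOR) to verify the Task 2.2 build.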

2.3 Task: Devious Kernel [20 points]

  1. Build a devious kernel that does contain known bugs. We expect to use such kernels in labs.
  2. Focus on PIE (Position Independent Executables). See the references.
  3. Write a users' manual.

2.4 Task: Kernel Built by LLVM [20 points]

  1. Build the "No-SELinux Kernel" above with LLVM, an alternate C compiler toolchain and build system.
  2. Demonstrate that you are conversant with unit tests for known LLVM Linux bugs. Study "Testing LLVM", https://blog.regehr.org/archives/1450.

3 Submission

  1. [15 points] Lab report quality, compliance, and completeness. [5 points] Include a journal, kept by the hour. You must follow the Lab Report Template. There should be a section on each of the tasks, with a couple of lines of answer to each (implied or explicit) question or discussion item. Number them as in this document.
  2. Use good judgment in (i) what to submit and (ii) what to omit and (iii) how long the report becomes. Do not make the report way longer than, say, 20 pages. It is possible to remain under 20 pp, and receive full score. Lack of judgment earns negative points.
  3. Submit relevant files of source code that you wrote, and of text. Always interpret the results.
  4. Submit a PDF file named exactly Report-L7.pdf, and a tarball L7.tbz [created with tar cfjvv L7.tbz source-files* ]. (Scripts are used to check various things – so file names should obey such "rules".)

4 References

  1. Prabhaker Mateti, Lecture Notes on Linux Kernel Hardening, 2018.
  2. https://www.vulnhub.com/ "To provide materials that allows anyone to gain practical hands-on experience in digital security, computer software & network administration." Required visit.
  3. PIE (Position Independent Executables) Exploit https://nvd.nist.gov/vuln/detail/CVE-2017-1000253 Awareness Reference
  4. https://llvm.org/devmtg/2012-04-12/Slides/Mark_Charlebois.pdf 30+ slides. 2012. Compiling Linux with LLVM. Awareness Reference

5 End


Copyright © 2018 www.wright.edu/~pmateti • 2018-11-28