I have a Master in CS, after which I did three years research in security (Linux kernel and fuzzing), and now I am a software engineer. I enjoy learning about as many different subjects as I can: history, economics, cultures, biology. Recently, I am insterested by interactions between many different units/systems, how to model them and the often intractable problems they create.
Master in Computer Science, 2016
Preparatory School in Physics and Chemestry, 2013
This paper surveys both the academic papers and the open-sourced tools in the field of fuzzing. We present a unified, general-purpose model to better understand the design and trade-offs of fuzzers.
Monolithic kernel is one of the prevalent configurations out of various kernel design models. While monolithic kernel excels in performance and management, they are unequipped forruntime system update; and this brings the need for kernel extension. Although kernel extensions are a convenient measure for system management, it is well established that they make the system prone to rootkit attacks and kernel exploitation as they share the single memory space with the rest of the kernel. To address this problem, various forms of isolation (e.g., making into a process), are so far proposed, yet their performance overhead is often too high or incompatible for a general purpose kernel. In this paper, we propose Domain Isolated Kernel (DIKernel), a new kernel architecture which securely isolates the untrustedkernel extensions with minimal performance overhead. DIKernel leverages hardware-based memory domain feature in ARM architecture; and prevents system manipulation attacks originated from kernel extensions, such as rootkits and exploits caused by buggy kernel extensions. We implemented DIKernel on top of Linux 4.13 kernel with 1500 LOC. Performance evaluation indicates that DIKernel imposes negligible overhead which is observed by cycle level microbenchmark.
Hi everyone. This is my first ‘technical’ blog post. I saw some people saying it helps growing your explanation skills which I sincerely lack. Thus, I decided next I struggle doing something because I feel it's quite undocumented, I'll try to make a post and explain how I did it. If even one person reads this and it's even remotely useful to them, I'll consider the job done. Ask any question, I'll be happy to answer.