The introduction of W^X memory policies, together with the subsequent mitigation of return-to-user attacks, undermined the effectiveness of code injection for exploiting kernel-level vulnerabilities, making return-oriented programming (ROP) one of the most prominent threats to system security. Control-Flow Integrity (CFI) is an effective defense against ROP, but despite many refinements over the past decade and its recent deployment to protect user-space applications, it has received significantly less attention in the kernel setting. The few existing kernel-level CFI proposals either apply an overly permissive coarse-grained policy, which sophisticated ROP attacks can easily bypass, or do not support dynamically loadable kernel modules.
by João Moreira
Full Abstract: https://www.blackhat.com/asia-17/briefings/schedule/index.html#drop-the-rop-fine-grained-control-flow-integrity-for-the-linux-kernel-5424
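To make the distinction between a coarse-grained and a fine-grained CFI policy concrete, the following is an added example in C; it is not code from the talk or from any kernel implementation. It models a table of legitimate indirect-call targets, each tagged with a prototype "type id" (an assumption standing in for the signature hashing a real compiler-based scheme would use; the names read_handler, audit_handler, free_ctx, module_read, register_target, coarse_allows, fine_allows and checked_read_call are all constructed). A coarse policy that admits any function entry accepts a target whose prototype does not match the call site, whereas the fine policy rejects it, and a function contributed by a loadable module becomes a legal target only after it is registered at load time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: every indirect-call site expects a prototype type id,
 * and every function entry is tagged with the type id of its prototype. */
enum fn_type { TYPE_READ = 1, TYPE_CLEANUP = 2 };

typedef int  (*read_fn)(const char *buf, size_t len);
typedef void (*cleanup_fn)(void *ctx);

static int  read_handler(const char *buf, size_t len)  { (void)buf; return (int)len; }
static int  audit_handler(const char *buf, size_t len) { (void)len; return buf[0]; }
static void free_ctx(void *ctx)                        { (void)ctx; }
/* Stands in for a function a loadable module contributes after boot. */
static int  module_read(const char *buf, size_t len)   { (void)buf; return (int)len * 2; }

struct target { uintptr_t addr; enum fn_type type; };

#define MAX_TARGETS 16
static struct target targets[MAX_TARGETS];
static size_t n_targets;

/* Called once for the core kernel and again for every module at load time,
 * so module functions are covered by the same policy as built-in code. */
static int register_target(uintptr_t addr, enum fn_type type)
{
    if (n_targets >= MAX_TARGETS) return -1;
    targets[n_targets].addr = addr;
    targets[n_targets].type = type;
    n_targets++;
    return 0;
}

static void init_core_targets(void)
{
    n_targets = 0;
    register_target((uintptr_t)read_handler,  TYPE_READ);
    register_target((uintptr_t)audit_handler, TYPE_READ);
    register_target((uintptr_t)free_ctx,      TYPE_CLEANUP);
}

/* Coarse-grained policy: any registered function entry is a legal target,
 * no matter which call site is being resolved. Mid-function gadgets are
 * rejected, but any whole function can be reached from any call site. */
static int coarse_allows(uintptr_t target)
{
    for (size_t i = 0; i < n_targets; i++)
        if (targets[i].addr == target) return 1;
    return 0;
}

/* Fine-grained policy: the target must be a function entry AND its
 * prototype must match what this particular call site expects. */
static int fine_allows(uintptr_t target, enum fn_type expected)
{
    for (size_t i = 0; i < n_targets; i++)
        if (targets[i].addr == target) return targets[i].type == expected;
    return 0;
}

/* An instrumented call site of type read_fn: the check runs before the
 * indirect call. Returns -1 when the selected policy rejects the target. */
static int checked_read_call(read_fn fp, const char *buf, size_t len, int fine)
{
    uintptr_t t = (uintptr_t)fp;
    int ok = fine ? fine_allows(t, TYPE_READ) : coarse_allows(t);
    if (!ok) return -1;
    return fp(buf, len);
}

int main(void)
{
    init_core_targets();
    uintptr_t wrong_type = (uintptr_t)free_ctx;          /* cleanup_fn, not read_fn */
    uintptr_t gadget     = (uintptr_t)read_handler + 1;  /* not a function entry */

    printf("free_ctx at a read_fn site: coarse=%d fine=%d\n",
           coarse_allows(wrong_type), fine_allows(wrong_type, TYPE_READ));
    printf("mid-function gadget:        coarse=%d fine=%d\n",
           coarse_allows(gadget), fine_allows(gadget, TYPE_READ));

    printf("module_read before load:    fine=%d\n",
           fine_allows((uintptr_t)module_read, TYPE_READ));
    register_target((uintptr_t)module_read, TYPE_READ);  /* module load */
    printf("module_read after load:     fine=%d\n",
           fine_allows((uintptr_t)module_read, TYPE_READ));

    printf("legit call result:          %d\n",
           checked_read_call(read_handler, "abc", 3, 1));
    return 0;
}
```

The coarse policy stops ROP gadgets inside function bodies but still lets an attacker redirect a read_fn call site to free_ctx, which is exactly the kind of whole-function reuse the abstract refers to; the fine policy closes that by checking the prototype per call site. Keeping module functions in the same table is what makes dynamically loaded code subject to the policy rather than a blind spot.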