Giter VIP home page Giter VIP logo

krx's Introduction

kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse

+--------------------+ [+] kR^X Distribution| +--------------------+

Our kR^X bundle contains the following directories:

[*] `src': This directory contains the code of that implements the
	protection. Within it, it contains the following:

	[*] `configs': This directory contains the config files for the
		Linux kernel v3.19 that we used when 
		implementing/testing kR^X.
	[*] `utils': This directory contains some necessary utilities
		(`as' wrapper and AWK script) used by kR^X.
	[*] `linux-3.19-krx.patch': The Linux kernel (v3.19) patch
		necessary for placing the code on the top of the address
		space and setting up the MPX `bnd0' register (so that
		it can be used when using the MPX protection scheme).

Currently this repo does not contain the GCC plugins that perform the SFI/MPX enforcement and the fine-grained KASLR plugins (randomizations and return address protection schemes). We will add them as soon as possible and update this document with instructions on how to use them.

+-------------+ [+] Using kR^X| +-------------+

To use kR^X you need to follow the instructions below (we assume a Debian/Linux distribution):

[0.1] Download and untar the Linux kernel v3.19
	wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.19.tar.gz
	tar xfz linux-3.19.tar.gz

[0.2] Update the location of the repo (for the rest of this document we assume that the repo was deployed in `/home/marios/krx')
	sed -i.bak 's/REPO_DIR/\/home\/marios\/krx/' /home/marios/krx/src/utils/as_wrapper.sh

[1] Patch the Linux kernel
	cd linux-3.19
	patch -p1 < /home/marios/krx/src/linux-3.19-krx.patch

[2] Setup the `as' wrapper
	sudo mv /usr/bin/as /usr/bin/as.old && sudo ln -s /home/marios/krx/src/utils/as_wrapper.sh /usr/bin/as

[3] Configure the kernel (in this example we use `config-3.19-amd64.krx.deb' which is similar to the default Debian config file)
	cp /home/marios/krx/src/configs/config-3.19-amd64.krx.deb ./.config
	make oldconfig

[4] Build the kernel
	make -j12

krx's People

Contributors

mpomonis avatar

Stargazers

avatar Jinyan Xu avatar avatar avatar Tim avatar Suphannee Sivakorn avatar Hyungjoon (Kevin) Koo avatar Nathan Dautenhahn avatar ANKIT CHANDRA avatar Nick Vitsas avatar Theofilos Petsios avatar

Watchers

Vasileios Kemerlis avatar

Forkers

hardsecurity

krx's Issues

Missing gcc plugin

@mpomonis I see it's been a while and you've not yet uploaded the source code for the gcc plugin for finer grained KASLR. I'd really like to see it. Are you still planning on doing this, or have you moved the code to a different location? Thanks!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.