Open Source Security Inc. Announces World-First Fully CFI-Hardened OS Kernel

Share Article

The test patch for grsecurity® released today demonstrates a fully-featured version of RAP, a high-performance and high-security implementation of Control Flow Integrity (CFI). RAP is available commercially with a number of added benefits, including the ability to protect userland applications.

RAP provides commercial users with the ability to release versions of their software that protect all users against the most prevalent method of memory-corruption-based privilege escalation.

Open Source Security Inc. is proud to announce the release of the world's first fully Control Flow Integrity (CFI)-hardened OS kernel, providing defense against code reuse attacks like Return-Oriented-Programming (ROP) through its patent-pending, type-based, high-performance, high-security, forward/backward-edge CFI implementation known as RAP. Today's release of the grsecurity® kernel-hardening solution builds on a public demo from April 2016 that implemented half of the protection scheme of RAP presented in October 2015.

RAP (short for Reuse Attack Protector) is a best-of-breed security defense for C and C++ codebases implemented through an extensive compiler plugin. Unlike competing solutions, RAP provides both high security and high performance, while effortlessly scaling to massive and complex codebases like the Chromium browser, the Linux kernel, and the Xen Project Hypervisor. Further, RAP is not dependent upon specific architectures or hardware features and thus provides commercial users with the ability to release versions of their software that protect all users against the most prevalent method of memory-corruption-based privilege escalation.

"We are excited to soon be providing this feature-complete version of RAP to stable patch subscribers as well," said Brad Spengler, president of Open Source Security Inc.

For more information on RAP, a more detailed announcement is available at https://www.grsecurity.net/rap_announce_full.php

grsecurity is a registered trademark of Open Source Security Inc.
Chromium is a registered trademark of Google Inc.
Xen Project is a registered trademark of The Linux Foundation.
Linux is the registered trademark of Linus Torvalds in the U.S and other countries.

About Open Source Security Inc.

Open Source Security Inc, the creator of grsecurity®, is a boutique security development studio and consultancy. At the forefront of Linux kernel security, it specializes in robust and high-performance defensive technologies. Today grsecurity protects millions of servers on the Internet and embedded devices in mission-critical infrastructure. For more information, visit https://www.grsecurity.net/.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jake Luck
Visit website