Open Source Security Inc. Announces World-First Fully CFI-Hardened OS Kernel
Lancaster, PA (PRWEB) February 06, 2017 -- Open Source Security Inc. is proud to announce the release of the world's first fully Control Flow Integrity (CFI)-hardened OS kernel, providing defense against code reuse attacks like Return-Oriented-Programming (ROP) through its patent-pending, type-based, high-performance, high-security, forward/backward-edge CFI implementation known as RAP. Today's release of the grsecurity® kernel-hardening solution builds on a public demo from April 2016 that implemented half of the protection scheme of RAP presented in October 2015.
RAP (short for Reuse Attack Protector) is a best-of-breed security defense for C and C++ codebases implemented through an extensive compiler plugin. Unlike competing solutions, RAP provides both high security and high performance, while effortlessly scaling to massive and complex codebases like the Chromium browser, the Linux kernel, and the Xen Project Hypervisor. Further, RAP is not dependent upon specific architectures or hardware features and thus provides commercial users with the ability to release versions of their software that protect all users against the most prevalent method of memory-corruption-based privilege escalation.
"We are excited to soon be providing this feature-complete version of RAP to stable patch subscribers as well," said Brad Spengler, president of Open Source Security Inc.
For more information on RAP, a more detailed announcement is available at https://www.grsecurity.net/rap_announce_full.php
grsecurity is a registered trademark of Open Source Security Inc.
Chromium is a registered trademark of Google Inc.
Xen Project is a registered trademark of The Linux Foundation.
Linux is the registered trademark of Linus Torvalds in the U.S and other countries.
About Open Source Security Inc.
Open Source Security Inc, the creator of grsecurity®, is a boutique security development studio and consultancy. At the forefront of Linux kernel security, it specializes in robust and high-performance defensive technologies. Today grsecurity protects millions of servers on the Internet and embedded devices in mission-critical infrastructure. For more information, visit https://www.grsecurity.net/.
Jake Luck, Open Source Security Inc., https://www.grsecurity.net, +1 949-424-7732, [email protected]
Share this article