Stop! Sandboxing Exploitable Functions and Modules Using In-Kernel Machine Learning
Black Hat USA 2024 · Day 1 · Briefing
This talk introduces a novel approach to addressing a critical vulnerability window in kernel security: the period between a vulnerability's discovery and the deployment of an official patch. Focusing on the pervasive challenge of **legacy objects** in memory, the speakers propose an innovative solution that leverages **in-kernel machine learning** to provide on-the-fly protection. The core problem highlighted is the inability of current runtime sandboxing techniques to effectively monitor and protect objects that were allocated before the security solution itself was deployed, leaving a significant attack surface for sophisticated adversaries.