
Exploit Mitigation Techniques in OpenBSD (2005) - kercker
https://www.openbsd.org/papers/ven05-deraadt/mgp00001.html
======
nickpsecurity
Of tactical approaches, the OpenBSD team has clearly done the best job. I
still advocate fixing root causes or high-confidence mechanisms wherever
possible. They merit praise for what they pull off on the other side of the
fence with UNIX apps I'd have little confidence in protecting outside of
costly isolation architectures and obfuscation schemes.

This is my favorite, though, as it's a high-assurance principle in action:

"When you free() an object >= pagesize, it gets unmapped using munmap().
Therefore, _access after free() becomes a detectable crash._ "

That's the fail-safe principle in action per Saltzer and Schroeder. Can't stop
every potential failure in some area? Just make it crash hard, noticeably,
and hopefully with enough detail to spot & fix the problem. Another line of
research in high-assurance CompSci is to, via hardware or software, taint the
incoming data with optional profiles of system code that stops and details
circumstances of any code injection. Always interesting stuff developing along
these lines.

As far as Saltzer and Schroeder principles go, I accidentally found this in Google
that explains them with Star Wars scenarios. Pretty good.

[http://emergentchaos.com/the-security-principles-of-saltzer-and-schroeder](http://emergentchaos.com/the-security-principles-of-saltzer-and-schroeder)
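
The munmap() behaviour quoted above, as an added example that is not from the OpenBSD paper or from this thread: a toy allocator that mimics the policy (mmap() for objects of at least a page, munmap() on free, ordinary malloc()/free() below that) plus a harness that performs the dangling access in a forked child so the resulting crash can be observed and classified rather than taking the parent down. The names page_alloc, page_free and uaf_outcome are this example's own, and it assumes a Linux/glibc host where fork() is available and a touch of an unmapped page is delivered as SIGSEGV.

```c
/* Added example (not OpenBSD code): large objects get their own mapping,
 * so a use-after-free of one faults instead of quietly reading stale data.
 * Assumes Linux/glibc; names page_alloc/page_free/uaf_outcome are ours. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

/* Allocate n bytes. Objects >= pagesize are backed by a private anonymous
 * mapping of their own; smaller ones come from the libc heap as usual. */
static void *page_alloc(size_t n) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    if (n >= pg) {
        void *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        return p == MAP_FAILED ? NULL : p;
    }
    return malloc(n);
}

/* Free an object allocated by page_alloc(). For the large case the whole
 * mapping is torn down, so any later access to it is a fault, not a read. */
static void page_free(void *p, size_t n) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    if (n >= pg)
        munmap(p, n);      /* address range no longer exists in this process */
    else
        free(p);           /* memory stays mapped; stale reads succeed silently */
}

enum uaf_outcome { UAF_SILENT = 0, UAF_CRASHED = 1, UAF_ERROR = -1 };

/* Perform a use-after-free of an n-byte object in a forked child and report
 * whether the child survived (UAF_SILENT) or was killed by a memory fault
 * (UAF_CRASHED). The parent is never exposed to the dangling pointer. */
static int uaf_outcome(size_t n) {
    pid_t pid = fork();
    if (pid < 0)
        return UAF_ERROR;
    if (pid == 0) {
        volatile char *buf = page_alloc(n);   /* volatile: keep the reads */
        if (!buf)
            _exit(2);
        memset((char *)buf, 'A', n);
        page_free((void *)buf, n);
        char c = buf[0];                      /* the dangling access */
        (void)c;
        _exit(0);                             /* reached only if it was silent */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return UAF_ERROR;
    if (WIFSIGNALED(status) &&
        (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS))
        return UAF_CRASHED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return UAF_SILENT;
    return UAF_ERROR;
}

int main(void) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    const char *names[] = { "silent", "crashed", "error" };
    int small = uaf_outcome(64);
    int large = uaf_outcome(pg);
    printf("UAF of %zu-byte object: %s\n", (size_t)64,
           names[small < 0 ? 2 : small]);
    printf("UAF of %zu-byte object: %s\n", pg,
           names[large < 0 ? 2 : large]);
    return 0;
}
```

Only the large-object result is guaranteed by the technique: once the pages are gone, the first touch faults regardless of what the allocator's free list looks like. The small-object result is whatever the host libc happens to do with a freed chunk, which on glibc is to leave it mapped and recycle its first bytes as list metadata, so the read "works" and the bug stays invisible until something else corrupts.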

------
DennisP
Have these techniques been incorporated into Linux since then?

~~~
anjbe
Theo gave an update at the 2013 ruBSD conference:
[http://www.openbsd.org/papers/ru13-deraadt/](http://www.openbsd.org/papers/ru13-deraadt/)

~~~
protomyth
The video from ruBSD
[https://events.yandex.com/events/ruBSD/2013/talks/103/](https://events.yandex.com/events/ruBSD/2013/talks/103/)

plus a bonus interview

