Security

GWP-ASan: Sampling heap memory error detection in-the-wild

Posted by Vlad Tsyrklevich, Dynamic Tools Team

Memory safety errors, like use-after-frees and out-of-bounds reads/writes, are a leading source of vulnerabilities in C/C++ applications. Despite investments in preventing and detecting these errors in Chrome, over 60% of high severity vulnerabilities in Chrome are memory safety errors. Some memory safety errors don’t lead to security vulnerabilities but […]

Security

OpenTitan – open sourcing transparent, trustworthy, and secure silicon

Posted by Royal Hansen, Vice President, Google and Dominic Rizzo, OpenTitan Lead, Google Cloud

Security begins with secure infrastructure. To have higher confidence in the security and integrity of the infrastructure, we need to anchor our trust at the foundation – in a special-purpose chip. Today, along with our partners, we are excited to announce OpenTitan – […]

Security

How Google adopted BeyondCorp: Part 4 (services)

Posted by Guilherme Gonçalves, Site Reliability Engineer and Kyle O’Malley, Security Engineer

Intro

This is the final post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal implementation path at Google. The first post in this series focused on providing necessary context for […]

Security

Protecting against code reuse in the Linux kernel with Shadow Call Stack

Posted by Sami Tolvanen, Staff Software Engineer, Android Security & Privacy Team

The Linux kernel is responsible for enforcing much of Android’s security model, which is why we have put a lot of effort into hardening the Android Linux kernel against exploitation. In Android 9, we introduced support for Clang’s forward-edge Control-Flow Integrity (CFI) enforcement […]

Security

Identifying and Arresting Ransomware Criminals

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because — as generally happens — they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC’s video surveillance cameras a week before […]