Loading…
Don’t miss the Linux Security Summit, be sure to register now! 
View analytic
Friday, August 26 • 15:45 - 16:30
Integrity Protection and Access Control - Who Do You Trust? - Glenn Wurster, BlackBerry

Sign up or log in to save this to your schedule and see who's attending!

Without file-system and boot integrity for all storage, on-line access control against a physical attacker is a masquerade. Using an off-line attack, an attacker can change the permissions, contents, and even the SELinux label of a file not integrity protected. What does SELinux do if it can't trust its labels? One solution is to encrypt all file-systems using hardware backed keys. In this talk I will start by talking about a LSM created for the BlackBerry Priv that ties running with elevated privileges (including SEAndroid domains) to integrity protection. The approach is designed to limit the risk of a system service executing a binary on the user data partition with elevated privileges. After talking about the specific LSM developed, I will expand the focus to the general intersection between integrity protection and access control.

Speakers
avatar for Glenn Wurster

Glenn Wurster

Principal Security Researcher, BlackBerry
Glenn Wurster is currently a Principal Security Researcher with BlackBerry. He has presented at conferences including Usenix Enigma, ACM CCS, Usenix HotSec, and IEEE S&P. He co-chaired ACM SPSM in 2015 and is on the program committee for Usenix WOOT and ACM SPSM in 2016. He is currently... Read More →


Friday August 26, 2016 15:45 - 16:30
Harbour C

Attendees (10)