Name: Integrity Protection and Access Control - Who Do You Trust? - Glenn Wurster, BlackBerry
Start: 2016-08-26T15:45:00-0400
End: 2016-08-26T16:30:00-0400

Don’t miss the Linux Security Summit, be sure to register now!

Back To Schedule

Integrity Protection and Access Control - Who Do You Trust? - Glenn Wurster, BlackBerry

Without file-system and boot integrity for all storage, on-line access control against a physical attacker is a masquerade. Using an off-line attack, an attacker can change the permissions, contents, and even the SELinux label of a file not integrity protected. What does SELinux do if it can't trust its labels? One solution is to encrypt all file-systems using hardware backed keys. In this talk I will start by talking about a LSM created for the BlackBerry Priv that ties running with elevated privileges (including SEAndroid domains) to integrity protection. The approach is designed to limit the risk of a system service executing a binary on the user data partition with elevated privileges. After talking about the specific LSM developed, I will expand the focus to the general intersection between integrity protection and access control.

Speakers

Glenn Wurster

Principal Security Researcher, BlackBerry

Glenn Wurster is currently a Principal Security Researcher with BlackBerry. He has presented at conferences including Usenix Enigma, ACM CCS, Usenix HotSec, and IEEE S&P. He co-chaired ACM SPSM in 2015 and is on the program committee for Usenix WOOT and ACM SPSM in 2016. He is currently... Read More →

Friday August 26, 2016 15:45 - 16:30 EDT
Harbour C

Conference Session, Intermediate

Linux Security Summit

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Glenn Wurster

Attendees (9)