Linux Security Summit: Full Schedule

Julia Lawall is a Senior Research Scientist at Inria. Her research is at the intersection of programming languages and operating systems. She develops the tool Coccinelle and has over 2000 patches in the Linux kernel based on this work. She is also active in the Outreachy internship... Read More →

Thursday August 25, 2016 09:05 - 09:55
Harbour C

Keynote

09:55

Break

Thursday August 25, 2016 09:55 - 10:00
Harbour C

Break

10:00

The State of Kernel Self Protection Project - Kees Cook, Google

Last year the Kernel Self-Protection Project was kicked off to address gaps in Linux's defensive technologies. With Linux reaching into every corner of modern life, it becomes an ever-increasing target for attackers and much more needs to be done to harden the kernel so it can project itself. A quick overview will be shown of what we're trying to protect Linux against, as well as the state of the art in available technologies. Also presented will be a summary of the last year's participation by many people over a wide range of technologies, with a review of KSPP project attempts, accomplishments, active efforts, and an examination of future projects and goals.

Speakers

Kees Cook

Security Engineer, Google

Kees Cook has been working with Free Software since 1994, and has been a Debian Developer since 2007. He is currently employed as a Linux kernel security engineer by Google, working on Android and and Chrome OS. From 2006 through 2011 he worked for Canonical as the Ubuntu Security... Read More →

KernelSelfProtectionProject 2016 pdf

Thursday August 25, 2016 10:00 - 10:45
Harbour C

Conference Session, Intermediate

10:45

Towards Measured Boot Out of the Box - Matthew Garrett, CoreOS

The technology to support measured boot has existed for over a decade, but no mainstream Linux distribution provides it out of the box. Now that we know people are attacking not only the boot chain but the system firmware itself, that's not good enough.

This presentation will cover the reasons for lack of adoption, why we need to do better and what needs to be done to achieve that. It'll also discuss how traditional models of measurement are suboptimal, how we can provide fine-grained measurement in reproducible ways and demonstrate some fun things that we can do with TPMs to improve general quality of life. It'll also describe some additional work distributions can do to make it easier for users to deploy trusted boot in their environments.

Speakers

Matthew Garrett

Staff Security Developer, Google

Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.

Thursday August 25, 2016 10:45 - 11:30
Harbour C

Conference Session, Intermediate

11:30

AM Break

Thursday August 25, 2016 11:30 - 11:45
TBA

Break

11:45

Current State of Kernel Audit and Linux Namespaces, Looking Ahead to Containers - Richard Guy Briggs, Red Hat

Namespaces have been around since the mount namespace was introduced over a decade ago and audit was introduced a couple of years later.

Since then, audit's relationship with namespaces has evolved to restrict everything to PID and user initial namespaces for reporting integrity reasons, but then start to loosen things up again, first listening in all network namespaces, then permitting user audit message writes from any PID namespace.

Looking forward, audit will need to run in containers, possibly for distributions, but more likely for docker micro-services to meet new certification requirements. Anchoring the audit daemon in the user namespace with its own rulespace and queue looks to make the most sense. Since the kernel has no concept of containers, identifying namespaces in audit messages will equip tracking tools to follow process events in containers.

Speakers

Richard Guy Briggs

Senior Software Engineer, Red Hat

Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications... Read More →

Thursday August 25, 2016 11:45 - 12:30
Harbour C

Conference Session, Advanced

12:30

Lunch (Attendees on Own)

Thursday August 25, 2016 12:30 - 14:00
TBA

Break

14:00

AMD x86 Memory Encryption Technologies - David Kaplan, AMD

This presentation will introduce the audience to two new x86 security technologies developed by AMD which utilize new memory encryption hardware to provide new security enhancements. The first feature, Secure Memory Encryption (SME), is designed to protect systems from physical access attacks by encrypting some or all system memory. The second feature, Secure Encrypted Virtualization (SEV) enables the ability to run encrypted virtual machines isolated from the hypervisor. This presentation will include a technical overview of these features, including ISA changes, security benefits, the key management framework, and Linux enablement.

Speakers

David Kaplan

Security Architect, AMD

David is a Fellow at AMD who focuses on developing new security technologies across the AMD product line as part of the Security Architecture Research and Development center. He is the lead architect for the AMD memory encryption features and has worked on both CPU and SOC level security... Read More →

Thursday August 25, 2016 14:00 - 14:45
Harbour C

Conference Session, Intermediate

14:45

Securing Filesystem Images for Unprivileged Containers - James Bottomley, IBM

User Namespaces are an essential tool of container security because they allow apparently privileged (root) execution within a container, while the executing entity is really unprivileged as the host (linux kernel) sees it. Unfortunately, the current cost of using user namespaces is that filesystem writes have to be at the identity seen by the kernel (the unprivileged uid/gid) rather than by the identity the container thinks it has. This is all fine and dandy until we want to share images and archives (even simple tar archives) amongst containers. Having the filesystem identity be the same as the container identity is essential for this sharing and is currently broken. There are at least three mechanisms currently proposed for fixing this: shiftfs (by the author), userns portable roots and filesystem mappings. We'll discuss the pros and cons of each of these approaches.

Speakers

James Bottomley

Distinguished Engineer, IBM

James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board | of the Linux Foundation and Chair of its Technical Advisory Board. He went... Read More →

Thursday August 25, 2016 14:45 - 15:30
Harbour C

Conference Session, Intermediate

15:30

PM Break

Thursday August 25, 2016 15:30 - 15:45
TBA

Break

15:45

Minijail: Running Untrusted Programs Safely - Jorge Lucangeli Obes, Google

The Linux kernel provides several sandboxing, containment and privilege-dropping features. Many of these features provide the same functionality, while others compose nicely to create de-privileged running environments for executing untrusted code.

In this talk we’ll describe Minijail, a sandboxing and containment tool initially developed for Chrome OS and now used across Google, including client platforms (like Android) and server environments (like Chrome’s fuzzing infrastructure ClusterFuzz). Minijail is also used outside of Google to create sandboxed environments in coding competitions, build farms and everything in between.

Finally, we’ll describe how Minijail is used in Chrome OS to implement a containerized version of Android that allows Chrome OS devices to run Android applications natively.

Speakers

Jorge Lucangeli Obes

Software Engineer, Google Inc.

Jorge is the platform security lead for Brillo, Google's Android-based operating system for Internet-connected devices. Before working on Brillo and Android, Jorge worked on Chrome OS security. He has presented on Chrome OS security at Ekoparty, IATP Secure By Default (organized by... Read More →

Thursday August 25, 2016 15:45 - 16:30
Harbour C

Conference Session, Intermediate

16:30

On the Way to Safe Containers - Stephane Graber, Canonical

LXC and now LXD are both container managers with a focus on providing a VM-like, system container experience to their users. Our users therefore expect to be able to do the same things they would in a VM and to have an environment that's by and large as safe as a VM.

Our containers security story is mostly based on the user namespace, on top of which we layer apparmor, seccomp, capabilities, filesystem quotas, qdisc limits and cgroups restrictions. The result is a container which cannot accidentally harm the host, is root safe and if properly configured, cannot trivially DoS the host.

This talk will cover all of the above technologies and how they're used to provide our containers, what their limitations are, how the system can still be abused and some of the proposed fixes for those limitations.

Speakers

Stéphane Graber

Software Engineer, Canonical Ltd.

Stéphane Graber works as the technical lead for LXD at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at the various containers and other Linux related events.Stéphane is also a long time contributor to the Ubuntu Linuxdistribution... Read More →

Thursday August 25, 2016 16:30 - 17:15
Harbour C

Conference Session, Advanced

08:00

Registration & Breakfast

Friday August 26, 2016 08:00 - 09:00
Harbour Ballroom Foyer

Break

09:00

Smack in 2016 - Casey Schaufler, The Smack Project

Smack in 2016 - The annual Smack update. An overview of the changes to Smack in the past year.

Speakers

Casey Schaufler

Engineer, Intel

Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and more audit systems than is really healthy. His involvement in Linux began with the... Read More →

Friday August 26, 2016 09:00 - 09:20
Harbour C

Subsystem Update, Any

09:20

Integrity - Mimi Zohar

Speakers

Mimi Zohar

Mrs., IBM

Mimi Zohar is a researcher at the IBM T.J. Research Center. Her current interests are in the areas of system security and integrity She is the linux-integrity subsystem maintainer.

LSS2016 LinuxIntegritySubsystemStatus pdf

Friday August 26, 2016 09:20 - 09:40
Harbour C

Subsystem Update

09:40

TPM - Jarkko Sakkinen, Intel

Speakers

Jarkko Sakkinen

Software Engineer, Intel Corp.

TPM, SGX, hardware security

Friday August 26, 2016 09:40 - 10:00
Harbour C

Subsystem Update

10:00

SELinux - Paul Moore, Red Hat

Speakers

Paul Moore

Software Engineer, Cisco

Paul Moore has been involved in various Linux security efforts since 2004, at Hewlett-Packard, Red Hat, and Cisco. He currently maintains the SELinux, audit, and labeled networking subsystems in the Linux Kernel as well as the libseccomp userspace library.

lss state of selinux pmoore 20160823 r3 pdf

Friday August 26, 2016 10:00 - 10:20
Harbour C

Subsystem Update

10:20

AppArmor - John Johansen

Speakers

John Johansen

Security Engineer, Canonical

John Johansen works for Canonical doing kernel related work for the Ubuntu security team. | | John Johansen began working with open source software in the late 80s and began playing with Linux in 93. He completed a masters in mathematics at the University of Waterloo and the began... Read More →

Friday August 26, 2016 10:20 - 10:40
Harbour C

Subsystem Update

10:40

Seecomp - Kees Cook, Google

Speakers

Kees Cook

Security Engineer, Google

seccomp 2016 pdf

Friday August 26, 2016 10:40 - 11:00
Harbour C

Subsystem Update

11:00

AM Break

Friday August 26, 2016 11:00 - 11:15
Harbour C

Break

11:15

Design and Implementation of a Security Architecture for Critical Infrastructure Industrial Control Systems in the Era of Nation State Cyber Warfare - David Safford, GE

GE electrical generation and distribution systems provide over 50% of all electrical power used in the world. GE is also a major supplier of critical components in aviation, transportation, and medical systems. Unfortunately, we are now in the era of nation-state cyber warfare. The Stuxnet and Ukraine incidents demonstrated attacks on industrial control systems that breached air gaps, and permanently bricked components.

At GE Research, we are prototyping a new security architecture across our x86, PPC, and ARM based industrial control systems. It includes hardware roots of trust for secure and trusted boot, along with firmware, hypervisors, operating systems, applications, and network and cloud services with integrity measurement, appraisal, and attestation. We will give an overview of the architecture, status of the reference implementations and products, and remaining gaps.

Speakers

David Safford

Senior Principal Engineer, GE

David Safford is a Senior Principal Engineer at General Electric's Global Research Center (GRC), where he works on solutions for control system security for all business units. His primary area of research is in hardware root's of trust for security in a Linux environment. He formerly... Read More →

Friday August 26, 2016 11:15 - 12:00
Harbour C

Conference Session, Advanced

12:00

Android: Protecting the Kernel - Jeffrey Vander Stoep, Google

Root isn’t what it used to be. SELinux and DAC capabilities have disarmed the typical root process on Android. This has forced rooting exploits to target the source of sandbox enforcement - the Linux kernel. The goal is simple, disable SELinux and restore root to its former glory!

This talk will describe where and how the kernel is being attacked, kernel protections added to AOSP/Android-N, and ideas and prototypes for new protections.

Speakers

Jeffrey Vander Stoep

Jeff Vander Stoep is a software engineer on the Android security team at Google where he is working on improving the security of the Android platform.

Friday August 26, 2016 12:00 - 12:45
Harbour C

Conference Session, Any

12:45

Lunch (Attendees on Own)

Friday August 26, 2016 12:45 - 14:00
TBA

Break

14:00

Opportunistic Encryption Using IPsec - Paul Wouters, Libreswan IPsec VPN Project

Opportunistic IPsec (Paul Wouters, Red Hat) - Leveraging the XFRM code inside the kernel, the libreswan IKE daemon can create XFRM kernel so it will be notified of each new netflow. It uses this information to encrypt as much of the host's traffic as possible towards other hosts with the same IPsec capability. In addition to packet-triggered events, it can also hook itself into the system via DNS calls, attempting to setup IPsec encryption before the application has even been given the IP address to contact.

By supporting different authentication mechanisms, such as X.509 certificates, GSSAPI, or DNSSEC secured IPSECKEY records, this method can be deployed on any enterprise or cloud platform or even for internet hosts at large.

Wouters will show how to configure Opportunistic IPsec for an X.509 based cloud deployment and for internet-wide deployment using LetsEncrypt.

Speakers

Paul Wouters

Security, IPsec, DNSSEC, Red Hat

Paul Wouters is one of the core developers for the Libreswan IPsec VPN project. He is an active IETF member in security and DNS related working groups and author of several RFC's related to IPsec and DNS. He is one of the IETF liaisons for ICANN's Technical Experts Group and a member... Read More →

Friday August 26, 2016 14:00 - 14:45
Harbour C

Conference Session, Beginner

14:45

(Ab)using Linux as a Trusted Bootloader - Eric Richter, IBM

Petitboot is a kexec-based bootloader that (ab)uses Linux to boot Linux, and is used as part of OpenPOWER firmware. By leveraging the linux-integrity subsystem, minimal kernel modifications are needed to transform Petitboot into a trusted boot loader. This talk will provide an overview of Petitboot, describe trusted boot on OpenPOWER and the changes to the kernel required to make it a trusted bootloader. This work also lays a foundation for using Petitboot as a secure bootloader.

Speakers

Eric Richter

Eric Richter is a software developer for the Linux Technology Center in IBM. He obtained | his Bachelor of Science degree in Computer Science and Mathematics at Clarkson University. At | Clarkson, he participated as a member and director of the Clarkson Open Source Institute: a... Read More →

Friday August 26, 2016 14:45 - 15:30
Harbour C

Conference Session, Intermediate

15:30

PM Break

Friday August 26, 2016 15:30 - 15:45
TBA

Break

15:45

Integrity Protection and Access Control - Who Do You Trust? - Glenn Wurster, BlackBerry

Without file-system and boot integrity for all storage, on-line access control against a physical attacker is a masquerade. Using an off-line attack, an attacker can change the permissions, contents, and even the SELinux label of a file not integrity protected. What does SELinux do if it can't trust its labels? One solution is to encrypt all file-systems using hardware backed keys. In this talk I will start by talking about a LSM created for the BlackBerry Priv that ties running with elevated privileges (including SEAndroid domains) to integrity protection. The approach is designed to limit the risk of a system service executing a binary on the user data partition with elevated privileges. After talking about the specific LSM developed, I will expand the focus to the general intersection between integrity protection and access control.

Speakers

Glenn Wurster

Principal Security Researcher, BlackBerry

Glenn Wurster is currently a Principal Security Researcher with BlackBerry. He has presented at conferences including Usenix Enigma, ACM CCS, Usenix HotSec, and IEEE S&P. He co-chaired ACM SPSM in 2015 and is on the program committee for Usenix WOOT and ACM SPSM in 2016. He is currently... Read More →

Friday August 26, 2016 15:45 - 16:30
Harbour C

Conference Session, Intermediate

16:30

Birds of a Feather Session

Friday August 26, 2016 16:30 - 17:30
Harbour C

Conference Session