Don’t miss the Linux Security Summit, be sure to register now! 

Thursday, August 25

10:00 EDT

The State of Kernel Self Protection Project - Kees Cook, Google
Last year the Kernel Self-Protection Project was kicked off to address gaps in Linux's defensive technologies. With Linux reaching into every corner of modern life, it becomes an ever-increasing target for attackers and much more needs to be done to harden the kernel so it can protect itself. A quick overview will be shown of what we're trying to protect Linux against, as well as the state of the art in available technologies. Also presented will be a summary of the last year's participation by many people over a wide range of technologies, with a review of KSPP project attempts, accomplishments, active efforts, and an examination of future projects and goals.

Kees Cook

Security Engineer, Google
Kees Cook has been working with Free Software since 1994, and has been a Debian Developer since 2007. He is currently employed as a Linux kernel security engineer by Google, working on Android and Chrome OS. From 2006 through 2011 he worked for Canonical as the Ubuntu Security...

Thursday August 25, 2016 10:00 - 10:45 EDT
Harbour C

10:45 EDT

Towards Measured Boot Out of the Box - Matthew Garrett, CoreOS
The technology to support measured boot has existed for over a decade, but no mainstream Linux distribution provides it out of the box. Now that we know people are attacking not only the boot chain but the system firmware itself, that's not good enough.

This presentation will cover the reasons for lack of adoption, why we need to do better and what needs to be done to achieve that. It'll also discuss how traditional models of measurement are suboptimal, how we can provide fine-grained measurement in reproducible ways and demonstrate some fun things that we can do with TPMs to improve general quality of life. It'll also describe some additional work distributions can do to make it easier for users to deploy trusted boot in their environments.


Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.

Thursday August 25, 2016 10:45 - 11:30 EDT
Harbour C

11:45 EDT

Current State of Kernel Audit and Linux Namespaces, Looking Ahead to Containers - Richard Guy Briggs, Red Hat
Namespaces have been around since the mount namespace was introduced over a decade ago and audit was introduced a couple of years later.

Since then, audit's relationship with namespaces has evolved to restrict everything to PID and user initial namespaces for reporting integrity reasons, but then start to loosen things up again, first listening in all network namespaces, then permitting user audit message writes from any PID namespace.

Looking forward, audit will need to run in containers, possibly for distributions, but more likely for docker micro-services to meet new certification requirements. Anchoring the audit daemon in the user namespace with its own rulespace and queue looks to make the most sense. Since the kernel has no concept of containers, identifying namespaces in audit messages will equip tracking tools to follow process events in containers.

Richard Guy Briggs

Senior Software Engineer, Red Hat
Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications...

Thursday August 25, 2016 11:45 - 12:30 EDT
Harbour C

14:00 EDT

AMD x86 Memory Encryption Technologies - David Kaplan, AMD
This presentation will introduce the audience to two new x86 security technologies developed by AMD which utilize new memory encryption hardware to provide new security enhancements. The first feature, Secure Memory Encryption (SME), is designed to protect systems from physical access attacks by encrypting some or all system memory. The second feature, Secure Encrypted Virtualization (SEV) enables the ability to run encrypted virtual machines isolated from the hypervisor. This presentation will include a technical overview of these features, including ISA changes, security benefits, the key management framework, and Linux enablement.

David Kaplan

Security Architect, Advanced Micro Devices
David Kaplan is a Fellow at AMD who focuses on developing new security technologies across the AMD product line as part of the Product Security Organization. He is the lead architect for the AMD encrypted virtualization features and has worked on both CPU and SOC level security features...

Thursday August 25, 2016 14:00 - 14:45 EDT
Harbour C

14:45 EDT

Securing Filesystem Images for Unprivileged Containers - James Bottomley, IBM
User Namespaces are an essential tool of container security because they allow apparently privileged (root) execution within a container, while the executing entity is really unprivileged as the host (Linux kernel) sees it. Unfortunately, the current cost of using user namespaces is that filesystem writes have to be at the identity seen by the kernel (the unprivileged uid/gid) rather than by the identity the container thinks it has. This is all fine and dandy until we want to share images and archives (even simple tar archives) amongst containers. Having the filesystem identity be the same as the container identity is essential for this sharing and is currently broken. There are at least three mechanisms currently proposed for fixing this: shiftfs (by the author), userns portable roots and filesystem mappings. We'll discuss the pros and cons of each of these approaches.

James Bottomley

Distinguished Engineer, IBM
James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board of the Linux Foundation and Chair of its Technical Advisory Board. He went to...

Thursday August 25, 2016 14:45 - 15:30 EDT
Harbour C

15:45 EDT

Minijail: Running Untrusted Programs Safely - Jorge Lucangeli Obes, Google
The Linux kernel provides several sandboxing, containment and privilege-dropping features. Many of these features provide the same functionality, while others compose nicely to create de-privileged running environments for executing untrusted code.

In this talk we’ll describe Minijail, a sandboxing and containment tool initially developed for Chrome OS and now used across Google, including client platforms (like Android) and server environments (like Chrome’s fuzzing infrastructure ClusterFuzz). Minijail is also used outside of Google to create sandboxed environments in coding competitions, build farms and everything in between.

Finally, we’ll describe how Minijail is used in Chrome OS to implement a containerized version of Android that allows Chrome OS devices to run Android applications natively.

Jorge Lucangeli Obes

Software Engineer, Google Inc.
Jorge is the platform security lead for Brillo, Google's Android-based operating system for Internet-connected devices. Before working on Brillo and Android, Jorge worked on Chrome OS security. He has presented on Chrome OS security at Ekoparty, IATP Secure By Default (organized by...

Thursday August 25, 2016 15:45 - 16:30 EDT
Harbour C

16:30 EDT

On the Way to Safe Containers - Stephane Graber, Canonical
LXC and now LXD are both container managers with a focus on providing a VM-like, system container experience to their users. Our users therefore expect to be able to do the same things they would in a VM and to have an environment that's by and large as safe as a VM.

Our container security story is mostly based on the user namespace, on top of which we layer apparmor, seccomp, capabilities, filesystem quotas, qdisc limits and cgroups restrictions. The result is a container which cannot accidentally harm the host, is root safe and, if properly configured, cannot trivially DoS the host.

This talk will cover all of the above technologies and how they're used to provide our containers, what their limitations are, how the system can still be abused and some of the proposed fixes for those limitations.

Stéphane Graber

Software Engineer, Canonical Ltd.
Stéphane Graber works as the technical lead for LXD at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at the various containers and other Linux related events. Stéphane is also a long time contributor to the Ubuntu Linux distribution...

Thursday August 25, 2016 16:30 - 17:15 EDT
Harbour C

Friday, August 26

11:15 EDT

Design and Implementation of a Security Architecture for Critical Infrastructure Industrial Control Systems in the Era of Nation State Cyber Warfare - David Safford, GE
GE electrical generation and distribution systems provide over 50% of all electrical power used in the world. GE is also a major supplier of critical components in aviation, transportation, and medical systems. Unfortunately, we are now in the era of nation-state cyber warfare. The Stuxnet and Ukraine incidents demonstrated attacks on industrial control systems that breached air gaps, and permanently bricked components.

At GE Research, we are prototyping a new security architecture across our x86, PPC, and ARM based industrial control systems. It includes hardware roots of trust for secure and trusted boot, along with firmware, hypervisors, operating systems, applications, and network and cloud services with integrity measurement, appraisal, and attestation. We will give an overview of the architecture, status of the reference implementations and products, and remaining gaps.

David Safford

David Safford is a Senior Principal Engineer at General Electric's Global Research Center (GRC), where he works on solutions for control system security for all business units. His primary area of research is in hardware roots of trust for security in a Linux environment. He formerly...

Friday August 26, 2016 11:15 - 12:00 EDT
Harbour C

12:00 EDT

Android: Protecting the Kernel - Jeffrey Vander Stoep, Google
Root isn’t what it used to be. SELinux and DAC capabilities have disarmed the typical root process on Android. This has forced rooting exploits to target the source of sandbox enforcement - the Linux kernel. The goal is simple: disable SELinux and restore root to its former glory!

This talk will describe where and how the kernel is being attacked, kernel protections added to AOSP/Android-N, and ideas and prototypes for new protections.


Jeffrey Vander Stoep

Jeff Vander Stoep is a software engineer on the Android security team at Google where he is working on improving the security of the Android platform.

Friday August 26, 2016 12:00 - 12:45 EDT
Harbour C

14:00 EDT

Opportunistic Encryption Using IPsec - Paul Wouters, Libreswan IPsec VPN Project
Opportunistic IPsec (Paul Wouters, Red Hat) - Leveraging the XFRM code inside the kernel, the libreswan IKE daemon can create XFRM kernel so it will be notified of each new netflow. It uses this information to encrypt as much of the host's traffic as possible towards other hosts with the same IPsec capability. In addition to packet-triggered events, it can also hook itself into the system via DNS calls, attempting to set up IPsec encryption before the application has even been given the IP address to contact.

By supporting different authentication mechanisms, such as X.509 certificates, GSSAPI, or DNSSEC secured IPSECKEY records, this method can be deployed on any enterprise or cloud platform or even for internet hosts at large.

Wouters will show how to configure Opportunistic IPsec for an X.509 based cloud deployment and for internet-wide deployment using LetsEncrypt.

Paul Wouters

Project lead VPN Technologies, Red Hat
Paul Wouters is one of the core developers for the Libreswan IPsec VPN project. He is an active IETF member in security and DNS related working groups and author of several RFCs related to IPsec and DNS. He was a member of the ICANN DNSSEC Root zone Key Signing Key Design Team. He...

Friday August 26, 2016 14:00 - 14:45 EDT
Harbour C

14:45 EDT

(Ab)using Linux as a Trusted Bootloader - Eric Richter, IBM
Petitboot is a kexec-based bootloader that (ab)uses Linux to boot Linux, and is used as part of OpenPOWER firmware. By leveraging the linux-integrity subsystem, minimal kernel modifications are needed to transform Petitboot into a trusted boot loader. This talk will provide an overview of Petitboot, describe trusted boot on OpenPOWER and the changes to the kernel required to make it a trusted bootloader. This work also lays a foundation for using Petitboot as a secure bootloader.


Eric Richter

Software Engineer, IBM
Eric Richter is a software developer for the Linux Technology Center in IBM. He obtained his Bachelor of Science degree in Computer Science and Mathematics at Clarkson University. At Clarkson, he participated as a member and director of the Clarkson Open Source Institute: a student-run...

Friday August 26, 2016 14:45 - 15:30 EDT
Harbour C

15:45 EDT

Integrity Protection and Access Control - Who Do You Trust? - Glenn Wurster, BlackBerry
Without file-system and boot integrity for all storage, on-line access control against a physical attacker is a masquerade. Using an off-line attack, an attacker can change the permissions, contents, and even the SELinux label of a file not integrity protected. What does SELinux do if it can't trust its labels? One solution is to encrypt all file-systems using hardware backed keys. In this talk I will start by talking about an LSM created for the BlackBerry Priv that ties running with elevated privileges (including SEAndroid domains) to integrity protection. The approach is designed to limit the risk of a system service executing a binary on the user data partition with elevated privileges. After talking about the specific LSM developed, I will expand the focus to the general intersection between integrity protection and access control.

Glenn Wurster

Principal Security Researcher, BlackBerry
Glenn Wurster is currently a Principal Security Researcher with BlackBerry. He has presented at conferences including Usenix Enigma, ACM CCS, Usenix HotSec, and IEEE S&P. He co-chaired ACM SPSM in 2015 and is on the program committee for Usenix WOOT and ACM SPSM in 2016. He is currently...

Friday August 26, 2016 15:45 - 16:30 EDT
Harbour C

16:30 EDT

Birds of a Feather Session
Friday August 26, 2016 16:30 - 17:30 EDT
Harbour C