August 27 - 28 - Vancouver, BC, Canada
Monday, August 27

8:35am PDT

Security in Zephyr and Fuchsia - Stephen Smalley & James Carter, National Security Agency
Zephyr and Fuchsia are two emerging open source operating systems with very different architectures and approaches to security compared to each other and to Linux. Zephyr is a real-time operating system (RTOS) targeting Internet of Things (IoT) devices that are too resource-constrained to run Linux. Fuchsia is a capability-based microkernel operating system targeting more capable devices and computers. In this talk, we present the architecture and security mechanisms of these two operating systems, discuss ongoing work by ourselves and others to further advance their security, and compare their security features to those of Linux and Linux-based systems such as Android.


James Carter

Researcher, NSA
James Carter is a computer security researcher in the Information Assurance Research group of the National Security Agency (NSA). He presently is working to improve Security-Enhanced Linux (SELinux) policy development through tools and policy language improvements and serves as one...

Stephen Smalley

Computer Systems Researcher, National Security Agency
Stephen Smalley is a computer systems researcher in the Laboratory for Advanced Cybersecurity Research organization of the National Security Agency. He presently leads the NSA's Security Enhancements (SE) for the Internet of Things (IoT) project, which is investigating and advancing...

Monday August 27, 2018 8:35am - 9:15am PDT
Room 301

9:15am PDT

Making C Less Dangerous - Kees Cook, Google
With the kernel written in C, it comes with some worrisome baggage, "undefined" behaviors, and other weaknesses that lead to security flaws and vulnerable infrastructure. Some of these weaknesses are related to the design of chipsets and how close C is to machine code, but others are less specific.

This presentation will explore the areas where the kernel is changing the C standard, defining undefined behaviors, or otherwise reorganizing things to make C itself less of a hazard.

Specifically this will cover removing (and enforcing the lack of) Variable Length Arrays in kernel code, forcing all stack variables to be initialized with a GCC plugin, performing implicit bounds checking with overloaded builtins, handling arithmetic overflows safely, and protecting forward (call) and reverse (return) indirect function calls with CFI under Clang.


Kees Cook

Kernel Security Software Engineer, Google
Kees Cook has been working with Free Software since 1994, has been a Debian Developer since 2007, and has been a member of the Linux Kernel Technical Advisory Board since 2019. He is currently employed as a Linux kernel security engineer by Google, focusing on upstream kernel security...

Monday August 27, 2018 9:15am - 9:55am PDT
Room 301

10:45am PDT

fs-verity: Native File-based Authenticity - Michael Halcrow & Eric Biggers, Google
The Android platform uses dm-verity to protect its system image, but there are critical components in that image that require incremental updates. Michael Halcrow and Eric Biggers introduce fs-verity as a mechanism for file systems to validate the authenticity of individual files. They furthermore propose fs-verity as a capability that can integrate with the Integrity Measurement Architecture (IMA) to efficiently validate only the parts of a file that are accessed. They will also discuss potential applications of file-based authenticity in validating container image content.


Eric Biggers

Software Engineer, Google

Michael Halcrow

Software Engineer, Google
Michael Halcrow is a software engineer at Google in Seattle. He was the original author of both eCryptfs and native file-based encryption in the upstream Linux kernel. He has previously spoken at the Ottawa Linux Symposium and at several Linux Security Summits.

Monday August 27, 2018 10:45am - 11:25am PDT
Room 301

2:10pm PDT

Linux Audit: Moving Beyond Kernel Namespaces to Audit Container IDs - Richard Guy Briggs, Red Hat
Audit will need to run in containers, possibly for distributions, but more likely for Docker micro-services to meet new certification requirements. Since the kernel has no concept of containers, identifying the container involved in audit messages will equip tracking tools to follow process events in containers.

Namespaces were the primary focus of my container audit presentation two years ago in Toronto. Feedback and further work made it clear that no one namespace or subset could be depended on to be part of a container, so another approach was needed to track container activity.

Several design proposals and several patchsets have been posted aimed at providing a method of tracking container activity by audit. Allowing multiple audit daemons, each with its own rule space and queue along with a system-wide audit message routing configuration is the current plan.


Richard Guy Briggs

Senior Software Engineer, Red Hat
Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications...

Monday August 27, 2018 2:10pm - 2:50pm PDT
Room 301
Tuesday, August 28

2:30pm PDT

Security Module Stacks that Don't Fall Over - Casey Schaufler, Intel
Security module stacking will provide a new level of flexibility in configuring system security. But there's a real risk that combining security models will result in a system that may be secure, but isn't useful. This may also be true when the same security module is used with multiple policy definitions. Casey Schaufler, the module stacking developer, will discuss the pitfalls of security module stacking and how they can be avoided. He will be talking about the configuration of existing modules and where they have known conflicts. There will also be discussion about how new modules should use the infrastructure in a way that reduces the potential for conflicts. A special emphasis will be placed on networking, where dragons of various colors lurk behind every acronym.


Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work...

Tuesday August 28, 2018 2:30pm - 3:10pm PDT
Room 301

4:00pm PDT

A Canonical Event Log Structure for IMA - David Safford & Monty Wiseman, GE
IMA (Integrity Measurement Architecture) provides Linux systems with attestation of runtime components. This presentation will review work in progress to convey attestation information to a verifier in the form of a Canonical Event Log structure. This format will provide cryptographic algorithm agility and sequence numbers. Sequence numbering will enable Event Log list truncation and de-duplication, which will optimize storage and transmission. This will allow IMA to bound the size of its internal data structures, including the measurement list and the hash table. This new format will support existing IMA templates while enabling extensible features such as attestation of file metadata. It will also support existing firmware Event Logs such as those from UEFI systems. This presentation will demonstrate the current prototype, and discuss integration with an open source verifier.


David Safford

Senior Principal Engineer, GE
David Safford is a Senior Principal Engineer at GE's Global Research Center, where he leads research on industrial control system security, across power generation, power distribution, aviation, and health care devices. His current focus is in delivering hardware rooted measurement...

Monty Wiseman

Principal Engineer, GE Research
Monty Wiseman's professional focus is in Platform Identity and Integrity. During the last 18+ years Monty was a leading contributor to various TCG specifications for platform key management, hardware and software identity. Monty is currently a Principal Engineer at General Electric...

Tuesday August 28, 2018 4:00pm - 4:40pm PDT
Room 301