August 27 - 28 - Vancouver, BC, Canada
Refereed Presentations
Monday, August 27

8:35am PDT

Security in Zephyr and Fuchsia - Stephen Smalley & James Carter, National Security Agency
Zephyr and Fuchsia are two emerging open source operating systems with very different architectures and approaches to security compared to each other and to Linux. Zephyr is a real-time operating system (RTOS) targeting Internet of Things (IoT) devices that are too resource-constrained to run Linux. Fuchsia is a capability-based microkernel operating system targeting more capable devices and computers. In this talk, we present the architecture and security mechanisms of these two operating systems, discuss ongoing work by ourselves and others to further advance their security, and compare their security features to those of Linux and Linux-based systems such as Android.


James Carter

Researcher, NSA
James Carter is a computer security researcher in the Information Assurance Research group of the National Security Agency (NSA). He presently is working to improve Security-Enhanced Linux (SELinux) policy development through tools and policy language improvements and serves as one...

Stephen Smalley

Computer Systems Researcher, National Security Agency
Stephen Smalley is a computer systems researcher in the Laboratory for Advanced Cybersecurity Research organization of the National Security Agency. He presently leads the NSA's Security Enhancements (SE) for the Internet of Things (IoT) project, which is investigating and advancing...

Monday August 27, 2018 8:35am - 9:15am PDT
Room 301

9:15am PDT

Making C Less Dangerous - Kees Cook, Google
With the kernel written in C, it comes with some worrisome baggage: "undefined" behaviors and other weaknesses that lead to security flaws and vulnerable infrastructure. Some of these weaknesses are related to the design of chipsets and how close C is to machine code, but others are less specific.

This presentation will explore the areas where the kernel is changing the C standard, defining undefined behaviors, or otherwise reorganizing things to make C itself less of a hazard.

Specifically this will cover removing (and enforcing the lack of) Variable Length Arrays in kernel code, forcing all stack variables to be initialized with a GCC plugin, performing implicit bounds checking with overloaded builtins, handling arithmetic overflows safely, and protecting forward (call) and reverse (return) indirect function calls with CFI under Clang.


Kees Cook

Kernel Security Software Engineer, Google
Kees Cook has been working with Free Software since 1994, has been a Debian Developer since 2007, and has been a member of the Linux Kernel Technical Advisory Board since 2019. He is currently employed as a Linux kernel security engineer by Google, focusing on upstream kernel security...

Monday August 27, 2018 9:15am - 9:55am PDT
Room 301

9:55am PDT

Azure Sphere: Fitting Linux Security in 4 MiB of RAM - Ryan Fairfax, Microsoft
Azure Sphere is a new solution for building highly secured, connected microcontroller-powered devices. It includes a customized version of the Linux kernel and work to fit the OS within a highly constrained memory footprint. In this talk we will cover the security components of the system, including a custom Linux Security Module, modifications and extensions to existing kernel components, and user space components that form the security backbone of the OS. Along the way we’ll discuss false starts, failed attempts, and the challenges of taking modern security techniques and fitting them in resource constrained devices.


Ryan Fairfax

Principal Software Engineering Lead, Microsoft
Ryan leads OS development for Azure Sphere at Microsoft. Azure Sphere is a new solution for creating highly-secured, Internet-connected microcontroller devices.

Monday August 27, 2018 9:55am - 10:35am PDT
Room 301
  Refereed Presentations
  • Experience Level Any

10:45am PDT

fs-verity: Native File-based Authenticity - Michael Halcrow & Eric Biggers, Google
The Android platform uses dm-verity to protect its system image, but there are critical components in that image that require incremental updates. Michael Halcrow and Eric Biggers introduce fs-verity as a mechanism for file systems to validate the authenticity of individual files. They furthermore propose fs-verity as a capability that can integrate with the Integrity Measurement Architecture (IMA) to efficiently validate only the parts of a file that are accessed. They will also discuss potential applications of file-based authenticity in validating container image content.


Eric Biggers

Software Engineer, Google

Michael Halcrow

Software Engineer, Google
Michael Halcrow is a software engineer at Google in Seattle. He was the original author of both eCryptfs and native file-based encryption in the upstream Linux kernel. He has previously spoken at the Ottawa Linux Symposium and at several Linux Security Summits.

Monday August 27, 2018 10:45am - 11:25am PDT
Room 301

1:30pm PDT

Year in Review: Android Kernel Security - Jeff Vander Stoep & Sami Tolvanen, Google
The Linux kernel provides Android’s trusted computing base and is the primary enforcer of Android’s security model. Increasingly, it’s also the primary target for privilege escalation attacks. Let’s dive into the details and discuss:
- Data data data! Where/how the kernel is being attacked. An analysis of the kernel security bugs reported to Google.
- Discussion on the effectiveness of recently introduced mitigations.
- New kernel mitigations introduced in the Android Open Source Project.
- Kernel security wishlist.


Jeff Vander Stoep

Software Engineer - Android Security, Google
Jeff Vander Stoep is a software engineer on the Android security team at Google where he is working on security improvements to the Android platform.

Sami Tolvanen

Software Engineer - Android Security, Google
Sami Tolvanen is a software engineer on the Android Platform Security team, currently focusing on kernel hardening.

Monday August 27, 2018 1:30pm - 2:10pm PDT
Room 301

2:10pm PDT

Linux Audit: Moving Beyond Kernel Namespaces to Audit Container IDs - Richard Guy Briggs, Red Hat
Audit will need to run in containers, possibly for distributions, but more likely for docker micro-services to meet new certification requirements. Since the kernel has no concept of containers, identifying the container involved in audit messages will equip tracking tools to follow process events in containers.

Namespaces were the primary focus of my container audit presentation two years ago in Toronto. Feedback and further work made it clear that no one namespace or subset could be depended on to be part of a container, so another approach was needed to track container activity.

Several design proposals and several patchsets have been posted aimed at providing a method of tracking container activity by audit. Allowing multiple audit daemons, each with its own rule space and queue along with a system-wide audit message routing configuration is the current plan.


Richard Guy Briggs

Senior Software Engineer, Red Hat
Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications...

Monday August 27, 2018 2:10pm - 2:50pm PDT
Room 301

2:50pm PDT

Syzbot and the Tale of Thousand Kernel Bugs - Dmitry Vyukov, Google
The root cause of most software exploits is bugs. Hardening, mitigations and containers are important, but they can't protect a system with thousands of bugs. In this presentation, Dmitry Vyukov will review the current [sad] situation with Linux kernel bugs and their security implications, based on his team's experience testing the kernel for the past 3 years; give an overview of the bug finding tools they are developing (syzbot, syzkaller, KASAN, KMSAN, KTSAN); and discuss problems and areas that require community help to improve the situation.


Dmitry Vyukov

Senior Staff Bug Slaughterer, Google
Dmitry works on dynamic testing tools at Google. His projects include a variety of bug detection tools for user-space and kernel, C/C++ and Go/Java; fuzzing tools (LibFuzzer, go-fuzz, syzkaller) and automation systems like syzbot. Dmitry...

Monday August 27, 2018 2:50pm - 3:30pm PDT
Room 301

3:40pm PDT

STACKLEAK: A Long Way to the Linux Kernel Mainline - Alexander Popov, Positive Technologies
STACKLEAK is a Linux kernel security feature initially created by Grsecurity/PaX developers. In May of 2017 Alexander Popov took on the task of introducing STACKLEAK into the Linux kernel mainline. The way to the mainline turned out to be long and complicated.

In this talk Alexander will describe the inner workings of this security feature and why the vanilla kernel needs it. In fact, STACKLEAK mitigates several types of attacks against the Linux kernel due to:
- reducing the information that can be revealed through kernel stack leak bugs;
- blocking some uninitialized stack variable attacks;
- blocking kernel stack depth overflow caused by alloca (aka Stack Clash attack).

Alexander will also show the timeline of his work and share some lessons he learned from it.


Alexander Popov

Linux kernel developer, Positive Technologies
Alexander Popov is a security researcher at Positive Technologies, where he is having a lot of fun with Linux kernel vulnerabilities, exploitation techniques and defensive technologies. Alexander has been a Linux kernel developer since 2012.

Monday August 27, 2018 3:40pm - 4:20pm PDT
Room 301
Tuesday, August 28

9:10am PDT

Using the TPM NVRAM to Protect Secure Boot Keys in POWER9 OpenPOWER Systems - Claudio Siqueira de Carvalho, IBM
In OpenPOWER systems, most firmware code used to boot the platform OS is stored in the processor flash memory (PNOR). Although PNOR is non-volatile memory, it is unprotected. In order to secure boot the platform OS, it is well known that only platform OSs signed with authorized keys should be booted. However, saving the authorized keys in a secure non-volatile memory is as important as using them to verify the platform OS. In this presentation, Claudio Carvalho will show how the shielded non-volatile memory (NVRAM) of the Trusted Platform Module (TPM) has become essential in OpenPOWER systems to protect the secure boot keys stored in PNOR. This discussion includes design and implementation aspects that are currently in progress for both the OpenPOWER firmware and the Linux kernel layers.


Claudio Siqueira de Carvalho

Secure and Trusted Boot Developer, LTC, IBM
Claudio Carvalho is a Brazilian Linux enthusiast with over 15 years of experience in the Linux field. He started his career as a package builder during his Master's degree at the University of Campinas, building packages for Linux distributions based on Arch and Debian. In 2011...

Tuesday August 28, 2018 9:10am - 9:50am PDT
Room 301
  Refereed Presentations
  • Experience Level Any

9:50am PDT

Updating Linux with TUX: Trust Update for Linux Kernel - Suhho Lee & Hyunik Kim, Dankook University
As lethal security attacks, such as Spectre and Meltdown, arise, Linux has conducted a vast number of software updates to mitigate security threats. However, less attention was given to the dynamically changing integrity of the system after updates. To maintain the trust of the platform, system updates should accompany integrity information updates as well.
We propose TUX, Trust Update for Linux kernel, to guarantee the up-to-date integrity of the pre-boot environment. TUX consolidates the kernel repository into Intel's Open CIT to manage up-to-date integrity. TUX also deploys a kernel that carries its up-to-date integrity value as a signature. Finally, the TUX secure bootloader mandates integrity verification of the TUX kernel at boot, leveraging UEFI secure boot and the TPM. Thus, with TUX, a Linux system can maintain trust even with frequent updates.


Hyunik Kim

Research Assistant, Dankook University
Hyunik Kim is an enthusiastic undergraduate student in the Department of Mobile Systems Engineering, Dankook University, Korea. He is currently interested in many-core architecture, operating systems, and system security.

Suhho Lee

Research Assistant, Dankook University
Suhho Lee is a master's student in the Department of Computer Science at Dankook University, Korea. His research interests include operating systems, computer architecture, system security, and human-computer interaction. His current focus is TUX, Trust Update for Linux kernel, which...

Tuesday August 28, 2018 9:50am - 10:30am PDT
Room 301

10:40am PDT

The Future of Security is in Open Silicon - Joel Wittenauer, Rambus Security, Cryptography Research
In this talk we describe how we used an open operating system (Zephyr) to create a root of trust running on a RISC-V based security CPU to secure a high-level operating system (Linux). Security features of the RISC-V processor and the assisting hardware security cores are used to implement three internal privilege levels within the root of trust, in order to create a freely-programmable application sandbox providing services for Linux.

The talk quickly describes the way Zephyr OS is used as the base, internal architecture of the root of trust, the functionality of its three internal privilege levels and the hardware security cores, the programming interfaces and the current integration state with the Linux host. We would also like to establish a dialogue with the Linux security community in order to understand how to better serve Linux security.


Joel Wittenauer

Embedded Software Product Architect, Rambus Cryptography Research

Tuesday August 28, 2018 10:40am - 11:20am PDT
Room 301

11:20am PDT

Project Cerberus - Bryan Kelly, Microsoft
Project Cerberus is a hardware root of trust. The cryptographic microcontroller interposes between processors and their firmware load store to provide hardware enforced secure boot with digital signature enforcement, and measured boot.


Bryan Kelly

Principal Firmware Engineering Manager, Microsoft
Bryan Kelly is a Principal Firmware Engineering Manager for Microsoft's Azure Cloud Server Infrastructure team. Bryan supports Microsoft's cloud services by designing and developing firmware that enables hardware solutions in Microsoft's next generation cloud platforms. During...

Tuesday August 28, 2018 11:20am - 12:00pm PDT
Room 301
  Refereed Presentations
  • Experience Level Any

1:50pm PDT

Protected Execution Facility - Guerney D. H. Hunt, IBM Research
Security remains a key concern for both traditional and cloud computing workloads. One objective is keeping applications (or containers) secure in the presence of attacks or compromised components. This talk addresses these challenges on the Power Architecture by presenting the Protected Execution Facility, an architecture modification for IBM Linux and OpenPower Linux servers, along with the associated firmware, the Protected Execution Ultravisor, which provides additional security to virtual machines, called secure virtual machines (SVMs). The Protected Execution Facility concurrently supports both normal VMs and SVMs. The protections provided to SVMs and some restrictions on SVMs are covered. The differences and similarities between vendor approaches to providing security in the presence of a potentially compromised hypervisor or OS will be reviewed.


Guerney Hunt

Research Staff Member, IBM
Dr. Guerney D. H. Hunt has been a Research Staff Member at IBM's T. J. Watson Research Center since 1995. He is currently working on transferring security technology into IBM products, and developing additional security technology. He participated in a team funded by the Department...

Tuesday August 28, 2018 1:50pm - 2:30pm PDT
Room 301
  Refereed Presentations
  • Experience Level Any

2:30pm PDT

Security Module Stacks that Don't Fall Over - Casey Schaufler, Intel
Security module stacking will provide a new level of flexibility in configuring system security. But there's a real risk that combining security models will result in a system that may be secure, but isn't useful. This may also be true when the same security module is used with multiple policy definitions. Casey Schaufler, the module stacking developer, will discuss the pitfalls of security module stacking and how they can be avoided. He will be talking about the configuration of existing modules and where they have known conflicts. There will also be discussion about how new modules should use the infrastructure in a way that reduces the potential for conflicts. A special emphasis will be placed on networking, where dragons of various colors lurk behind every acronym.


Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work...

Tuesday August 28, 2018 2:30pm - 3:10pm PDT
Room 301

3:20pm PDT

Getting Started with the TPM2 Software Stack (TSS2) - Philip Tricca, Intel
For the last ~2 years Intel and our collaborators in the Trusted Computing Group (TCG) and the OSS community have been working to standardize and implement APIs and infrastructure to drive interactions with TPM2 devices. This work has produced TCG standards describing the APIs, an OSS implementation of the APIs, and a small community that has organized around the implementation on the web / GitHub at https://github.com/tpm2-software. In this talk Phil will give an overview of the project before breaking down the various components and APIs in detail. He'll discuss major accomplishments in the year since our last update at the Linux Plumbers Conference as well as future project direction and use cases.


Philip Tricca

Software Engineer, Intel
Philip is a software engineer in Intel's platform security division working to enable use of the Trusted Platform Module (TPM2) and a number of other security technologies. Phil has worked for the last 3 years to standardize the TCG's TPM2 software stack (TSS2), to develop an open...

Tuesday August 28, 2018 3:20pm - 4:00pm PDT
Room 301

4:00pm PDT

A Canonical Event Log Structure for IMA - David Safford & Monty Wiseman, GE
IMA (Integrity Measurement Architecture) provides Linux systems with attestation of runtime components. This presentation will review work in progress to convey attestation information to a verifier in the form of a Canonical Event Log structure. This format will provide cryptographic algorithm agility and sequence numbers. Sequence numbering will enable Event Log list truncation and de-duplication, which will optimize storage and transmission. This will allow IMA to bound the size of its internal data structures, including the measurement list and the hash table. This new format will support existing IMA templates while enabling extensible features such as attestation of file metadata. It will also support existing firmware Event Logs such as those from UEFI systems. This presentation will demonstrate the current prototype, and discuss integration with an open source verifier.


David Safford

Senior Principal Engineer, GE
David Safford is a Senior Principal Engineer at GE's Global Research Center, where he leads research on industrial control system security, across power generation, power distribution, aviation, and health care devices. His current focus is in delivering hardware rooted measurement...

Monty Wiseman

Principal Engineer, GE Research
Monty Wiseman's professional focus is in Platform Identity and Integrity. During the last 18+ years Monty was a leading contributor to various TCG specifications for platform key management, hardware and software identity. Monty is currently a Principal Engineer at General Electric...

Tuesday August 28, 2018 4:00pm - 4:40pm PDT
Room 301