Security track
A few of us remember not needing to lock the door as kids, as well as the anonymous/guest logins on the ARPANET and early Internet. Needless to say, those days are gone forever. Security is now critically important, even for the most obscure computer systems.
The Linux Plumbers Conference is fortunate to have James Morris and Paul Moore as runners for the Security microconference. James and Paul are quite prominent in the Linux security community, James in his role as Linux kernel security subsystem maintainer, and Paul in a number of roles, including leader of the NetLabel network-security subsystem. The Security microconference is a double-length microconference this year, as is fitting given the importance of security in today’s world of spammers, botnet controllers, and many other black-hat threats. In the interest of brevity, only four of the seven selections are highlighted below, but please rest assured that the remainder are every bit as interesting and important.
The first two topics recognize the importance of usability, something that has all too often been neglected in the security field. After all, even the best security mechanisms are of no use if users prefer to disable them. To demonstrate how much progress SELinux has made in recent years, Caleb Case will be showing a demo of SELinux on Ubuntu while Dan Walsh showcases a bit of SELinux in Fedora that anyone can use, namely application sandboxes. These demos are important steps towards the goal of effective security measures designed for the typical Linux user. We hope that numerous Linux users will attend these demos so as to promote a vigorous and illuminating discussion.
The next topic takes a look at the Simplified Mandatory Access Control Kernel (Smack) through the eyes of its author, Casey Schaufler. Casey presents a case study in Smack configuration by showing how Smack can be used to provide additional security for a well-known commercial database server. This should help both developers and users understand how to apply these new advanced security mechanisms to their own systems and applications, and will hopefully also start a productive collaboration between developers at all levels of the FOSS stack.
The fourth and final topic, at least for the moment, is the Linux Kernel Crypto API, presented by Herbert Xu. Given that Moore’s Law is still providing transistors, but is no longer increasing clock frequencies, we can expect more hardware offload engines, including hardware encryption. The Linux Kernel Crypto API is critically important for timely support of such hardware. In addition, Herbert will describe user-space APIs and how this API might be generalized beyond cryptographic algorithms. Given the need to change cryptographic algorithms as they weaken, either due to newly discovered attacks or due to the inexorable increase in available computing power, we can expect the Linux Kernel Crypto API to have a key role to play in the security arena — and to require continued refinement as security requirements change over time.
Proposals for this track
* A New SELinux Policy Infrastructure
This talk will discuss the requirements and design of a new SELinux policy infrastructure. It is hoped that this talk will lead to the SELinux community validation of the requirements, acceptance of the new architecture, and a plan to replace the old infrastructure.
Security | 06/15/2009 | James Carter
* Introducing the SELinux Sandbox
We have introduced the concept of the general purpose sandbox using SELinux.
Security | 06/02/2009 | Daniel Walsh
* Linux Kernel Crypto API
The Linux kernel Crypto API has come a long way since it was first added as a part of the IPsec stack.
Security | 06/17/2009 | Herbert Xu
* Making SELinux Easier to Use
SELinux is often disabled immediately or at the first sign of trouble. How can we make SELinux something users actually want to leave on?
Security | 06/12/2009 | Bryan Jacobson
* SELinux policy within package managers, why policy is special
SELinux policy is currently installed from a single or multiple package(s) as an application, which breaks the linkage between policy and the software it is constraining. We will talk about a way to treat policy specially without adding downfalls such as a large increase in packages.
Security | 06/15/2009 | Joshua Brindle
* Smack and the Application Ecosystem
Our sample application is a commercial database server. It provides database services over the network using TCP connections. The security goal we're using Smack to address is the isolation of the database files from the users on the server.
We'll cover two different ways to provide access to the database, allowing either remote or local users access to the services of the database while protecting the database itself.
Security | 06/06/2009 | Casey Schaufler
* Software Security Testing
The objective of this talk is to define common guidelines for security testing on Linux, sharing our concern about software security and the importance of software security testing as part of the development process.
Security | 05/05/2009 | Ramon de Carvalho Valle
* Status of SELinux in Ubuntu
A talk and demo on the current status of SELinux integration in Ubuntu.
Security | 06/19/2009 | Caleb Case
* Using IMA for Integrity Measurement and Attestation
Linux 2.6.30 includes the Integrity Measurement Architecture (IMA) system, which measures (hashes) files before they are accessed, and which can use a TPM for hardware-signed attestation for centralized management of client integrity.
Security | 06/10/2009 | David Safford
* XACE Demonstration and Discussion
XACE can be used to make a nifty secure desktop on Xorg. But is XACE relevant with graphics interfaces moving into the kernel?
Security | 06/22/2009 | Eamon Walsh