Kernel Security Is Cool Again

C1 | Tue 22 Jan | 11:35 a.m.–12:20 p.m.


Presented by

  • Casey Schaufler

    Casey Schaufler has been developing operating systems since the 1970's, starting with the first commercial UNIX port to a 32 bit machine. He has worked on device drivers, filesystems, databases, tool chains and debuggers. He started working on system security in the 1980's and was the lead architect and developer for trusted systems at Silicon Graphics. In security he has implemented mandatory access controls, audit systems, access control lists, multi-level window systems and networking. He created a UNIX system with an unprivileged root user. He was heavily involved in the development of rational release process. Casey is the author and maintainer for the Smack Linux security module and is currently working to make security modules fully stackable. He is currently employed in Intel's Open Source Technology center. He lives 30 kilometers south of San Francisco and 100 meters from the Pacific ocean.

Abstract

Why is Linux kernel security getting so much attention all of a sudden, and where is it going? What is the Linux Hardening Project about? What are the Landlock, SARA and WhiteEgret security modules for? This can't be all about side channel attacks, can it? Is security a good place to contribute? Casey Schaufler, who has been working in kernels and security for a very long time, will talk about the current state of Linux kernel security development. The efforts to make the kernel less susceptible to attack will be outlined. New developments in access controls will be described. Infrastructure changes, including expanded security module stacking, will be covered. You'll hear about integrity, TPMs, trusted boot and more. The talk will wrap up with predictions and some areas that aren't getting the attention they may deserve.