
2022-09-15 ~ 2022-09-16

Presentations (with video): 14 (11)

Linux Security Summit (LSS) is a technical forum for collaboration between Linux developers, researchers, and end users with the primary aim of fostering community efforts to analyze and solve Linux security challenges. LSS is where key Linux security community members and maintainers gather to present their work and discuss research with peers, joined by those who wish to keep up with the latest in Linux security development and who would like to provide input to the development process.


Authors: John Johansen, Georgia Garcia
2022-09-16

tldr - powered by Generative AI

The presentation discusses various methods for improving application confinement and security, with a focus on achieving a level of confinement similar to that of Android applications.
  • Shell type programs can be used to extract information and limit access to certain subsets of data
  • Forced launchers can be used to override kernel settings and set up custom loaders for applications
  • Code injection can be used to modify application behavior, but is not feasible for widespread use
  • Address matching and control flow integrity can be used to modify application behavior without directly modifying the code
  • The goal is to achieve tighter confinement for applications without burdening the user
  • Dynamic data can be used to tighten security measures

Authors: Elena Reshetova
2022-09-16

Authors: Stephane Graber, Christian Brauner
2022-09-16

The user namespace has grown a lot since its introduction some 9 years ago. However, it is still very far from ubiquitous, even in the modern container space. In this talk, we'll be exploring the current state of things and delve into some of the exciting developments that have recently landed or will be landing very soon. This will cover the very exciting work done on the new VFS API and VFS idmap shifting, which now makes it very easy to set up containers without having to first mangle their root filesystem. More importantly, it also allows containers relying on shared filesystem layers to be easily run unprivileged. On the security front, we'll be covering the work to better mediate the use of the user namespace, allowing LSMs to decide who can or cannot create a user namespace. The recent addition of IMA namespacing also makes it possible to have an entire system measured and checked, containers included. We'll wrap things up by looking ahead at any other major blockers to the adoption of user namespaces and the deprecation of much less safe container options.

Authors: Roman Volosatovs, Jarkko Sakkinen
2022-09-16

We go through the current state of the Intel SGX support in the Linux kernel and userland. The topics covered include the kernel interface and its features, and the available confidential computing run-times supporting SGX. Since landing in the mainline kernel in late 2020, the SGX software ecosystem has started to become mature enough for production, and it is so far the only cloud-scale confidential computing technology fully in the mainline kernel.

Authors: Andrey Konovalov
2022-09-16

tldr - powered by Generative AI

The presentation discusses the importance of bug detectors in cybersecurity and DevOps, and how to extend existing sanitizers or build custom detectors.
  • Bug detectors are crucial in cybersecurity and DevOps
  • Existing sanitizers can be extended or custom detectors can be built
  • Inter-object overflow is a difficult problem to solve
  • Compiler instrumentation approach is a useful tool for building custom detectors

Authors: Casey Schaufler
2022-09-16

The Simplified Mandatory Access Control Kernel (Smack) Linux security module was introduced in 2008 and is currently used in millions of devices. Unlike SELinux and AppArmor, Smack has never been supported by a major Linux distribution. The greatest barriers to distribution support have been that only one "major" security module can be used at a time and that there has been no example of a Smack rule set to use as a basis for a distribution's policy. In this talk Casey Schaufler, the author of Smack, will describe a new effort to create a reference set of Smack rules and apply it to a major Linux distribution. The talk starts with a description of how Smack rules work and how they differ from SELinux and AppArmor policy. It moves on to cover the threats being addressed and how a "three domain" approach provides the required protection. It then explains how the target distribution was chosen and what steps are taken to keep the scheme flexible enough to be useful elsewhere. The current state of the effort and the identified challenges are presented. Finally, there will be an invitation for additional participation in the project.

Authors: Jun Nakajima
2022-09-16

tldr - powered by Generative AI

The presentation discusses the inclusion of IO devices into Trusted Execution Environments (TEE) and the software changes required to support it.
  • Current IO virtualization technologies for TEEs have limitations and incur significant performance overhead
  • Direct access to hardware IO devices in VMs requires hardware support such as MMIO and DMA remapping capability
  • Devices and VMs need to be trusted for protection and isolation
  • Intel TDX architecture supports direct assignment and establishment of trust between TDI and TDS
  • Software changes are required for Intel TDX in support of TEIO
  • High-level software flows and new functionality enable Intel TDX support in TEEs

Authors: Paul Moore
2022-09-15

tldr - powered by Generative AI

The presentation discusses the importance of identifying complex code patterns and using tools like Coccinelle and machine learning for code analysis to prevent security issues like the io_uring problem in the Linux kernel. The speaker also emphasizes the need for a more formal security review process in Linux kernel development.
  • Identifying complex code patterns is crucial for preventing security issues in the Linux kernel
  • Tools like Coccinelle and machine learning can be used for code analysis
  • A more formal security review process should be added to Linux kernel development
  • CVEs are important for security issues, but the process of getting them is difficult
  • The speaker recommends using the mailing list for kernel development communication

Authors: Jiewen Yao, Jun Nakajima
2022-09-15

tldr - powered by Generative AI

Device attestation is necessary for maintaining the confidentiality of a workload in a hardware-based Trusted Execution Environment (TEE) virtual machine (VM) when the workload is offloaded to a device for acceleration.
  • Physical devices in a TEE environment
  • Device attestation model
  • Verification of device identity and evidence information
  • Device initialization flow

Authors: Jeremy Powell
2022-09-15

tldr - powered by Generative AI

The presentation discusses attestation in a confidential computing environment and the threats around misconfiguring the platform and guest on its launch. It covers platform measurements, guest measurements, authenticity of attestation reports, and connecting the dots between different components.
  • Attestation is necessary to delegate security decisions to a remote relying party
  • The trusted computing base for a guest running an SP starts at the hardware root of trust
  • The TCB version is reported in the attestation report for the identity of the mutable firmware
  • Guest measurements include image, metadata, and runtime environment
  • Authenticity of attestation reports can be determined by comparing the report ID of the migration agent
  • Connecting the dots between different components involves chaining trust from a small kernel bootloader to the rest of the system