Several folks noticed that all of the known LSM mailing list archives stopped archiving earlier this year. We don’t know why and generally have not had any luck contacting the owners of several archives, including marc and gmane. This is a concern, because the list is generally where Linux kernel security takes place and it’s important to have a public record of it.
The good news is that Paul Moore was finally able to re-register the list with mail-archive.com, and there is once again an active archive here: http://email@example.com/
Please update any links you may have!
Thanks to all of those who participated, and to all the events folk at Linux Foundation, who handle the logistics for us each year, so we can focus on the event itself.
As with the previous year, we followed a two-day format, with most of the refereed presentations on the first day, with more of a developer focus on the second day. We had good attendance, and also this year had participants from a wider field than the more typical kernel security developer group. We hope to continue expanding the scope of participation next year, as it’s a good opportunity for people from different areas of security, and FOSS, to get together and learn from each other. This was the first year, for example, that we had a presentation on Incident Response, thanks to Sean Gillespie who presented on GRR, a live remote forensics tool initially developed at Google.
Overall, it seems the adoption of Linux kernel security features is increasing rapidly, especially via mobile devices and IoT, where we now have billions of Linux deployments out there, connected to everything else. It’s interesting to see SELinux increasingly play a role here, on the Android platform, in protecting user privacy, as highlighted in Jeffrey Vander Stoep’s presentation on whitelisting ioctls. Apparently, some major corporate app vendors, who were not named, have been secretly tracking users via hardware MAC addresses, obtained via ioctl.
We’re also seeing a lot of deployment activity around platform Integrity, including TPMs, secure boot and other integrity management schemes. It’s gratifying to see the work our community has been doing in the kernel security/ tree being used in so many different ways to help solve large scale security and privacy problems. Many of us have been working for 10 years or more on our various projects — it seems to take about that long for a major security feature to mature.
One area, though, that I feel we need significantly more work, is in kernel self-protection, to harden the kernel against coding flaws from being exploited. I’m hoping that we can find ways to work with the security research community on incorporating more hardening into the mainline kernel. I’ve proposed this as a topic for the upcoming Kernel Summit, as we need buy-in from core kernel developers. I hope we’ll have topics to cover on this, then, at next year’s LSS.
The committee would appreciate feedback on the event, so we can make it even better for next year. We may be contacted via email per the contact info at the bottom of the event page.
In previous years, attending the Linux Security Summit (LSS) has required full registration as a LinuxCon attendee. This year, LSS has been upgraded to a hosted event. I didn’t realize that this meant that LSS registration was available entirely standalone. To quote an email thread:
If you are only planning on attending the The Linux Security Summit, there is no need to register for LinuxCon North America. That being said you will not have access to any of the booths, keynotes, breakout sessions, or breaks that come with the LinuxCon North America registration. You will only have access to The Linux Security Summit.
Thus, if you wish to attend only LSS, then you may register for that alone, at no cost.
There may be a number of people who registered for LinuxCon but who only wanted to attend LSS. In that case, please contact the program committee at lss-pc_AT_lists.linuxfoundation.org.
Apologies for any confusion.
The refereed talks are:
- CC3: An Identity Attested Linux Security Supervisor Architecture – Greg Wettstein, IDfusion
- SELinux in Android Lollipop and Android M – Stephen Smalley, NSA
- Linux Incident Response – Mike Scutt and Tim Stiller, Rapid7
- Assembling Secure OS Images – Elena Reshetova, Intel
- Linux and Mobile Device Encryption – Paul Lawrence and Mike Halcrow, Google
- Security Framework for Constraining Application Privileges – Lukasz Wojciechowski, Samsung
- IMA/EVM: Real Applications for Embedded Networking Systems – Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks
- Ioctl Command Whitelisting in SELinux – Jeffrey Vander Stoep, Google
- IMA/EVM on Android Device – Dmitry Kasatkin, Huawei Technologies
There will be several discussion sessions:
- Core Infrastructure Initiative – Emily Ratliff, Linux Foundation
- Linux Security Module Stacking Next Steps – Casey Schaufler, Intel
- Discussion: Rethinking Audit – Paul Moore, Red Hat
Also featured are brief updates on kernel security subsystems, including SELinux, Smack, AppArmor, Integrity, Capabilities, and Seccomp.
The keynote speaker will be Konstantin Ryabitsev, sysadmin for kernel.org. Check out his Reddit AMA!
See the schedule for full details, and any updates.
This year’s summit will take place on the 20th and 21st of August, in Seattle, USA, as a LinuxCon co-located event. As such, all Linux Security Summit attendees must be registered for LinuxCon. Attendees are welcome to attend the Weds 19th August reception. ETA: standalone LSS registration is available.
Hope to see you there!
The regular LWN kernel development stats have been posted here for version 4.1 (if you really don’t have a subscription, email me for a free link). In this, Jon Corbet notes:
over 60% of the changes going into this kernel passed through the hands of developers working for just five companies. This concentration reflects a simple fact: while many companies are willing to support developers working on specific tasks, the number of companies supporting subsystem maintainers is far smaller. Subsystem maintainership is also, increasingly, not a job for volunteer developers..
As most folks reading this would know, I lead the mainline Linux Kernel team at Oracle. We do have several people on the team who work in leadership roles in the kernel community (myself included), and what I’d like to make clear is that we are actively looking to support more such folk.
If you’re a subsystem maintainer (or acting in a comparable leadership role), please always feel free to contact me directly via email to discuss employment possibilities. You can also contact Oracle kernel folk who may be presenting or attending Linux conferences.
Proposals are due by June 5th, and accepted speaker notifications will go out by June 12th.
LSS 2015 will be held over 20-21 August, in Seattle, WA, USA.
Last year’s event went really well, and we’ll follow a similar format over two days again this year. We’re co-located again with LinuxCon, and a host of other events including Linux Plumbers, CloudOpen, KVM Forum, and ContainerCon. We’ve been upgraded to an LF managed event this year, which means we’ll get food.
All LSS attendees, including speakers, must be registered attendees of LinuxCon. The first round of early registration ends May 29th.
We’d like to cast our net as wide as possible in terms of presentations, so please share this info with anyone you know who’s been doing interesting Linux security development or implementation work recently.
This is up to T4 & M5 and also now includes legacy systems back to Ultra-SPARC I. Thanks to all who worked on getting these published.
The Linux Security Summit for 2015 will be held across 20-21 August, in Seattle, WA, USA. As with previous events, we’ll be co-located with LinuxCon.
Preliminary event details are available at the event site:
A CFP will be issued soon — stay tuned!
We had an engaging and productive two days, with strong attendance throughout. We’ll likely follow a similar format next year at LinuxCon. I hope we can continue to expand the contributor base beyond mostly kernel developers. We’re doing ok, but can certainly do better. We’ll also look at finding a sponsor for food next year.
See you next year!