I’ve had a talk accepted at the upcoming Kernel Conference Australia (KCA), which will be held in Brisbane in July.
The agenda has just been published, and it certainly looks to be an interesting few days, with a keynote from Jeff Bonwick and Bill Moore, as well as talks by Sherry Moore, Henning Brauer, and Stewart Smith.
I’ll be giving an overview of the security features of the Linux kernel, which have evolved somewhat over the years, without much in the way of documentation. KCA requires a paper (or slides with speaker notes), so I hope to be able to use this opportunity to document the current state of Linux kernel security.
Here’s an excerpt from the abstract I submitted:
The Linux kernel has been extended significantly beyond the traditional Unix security model, incorporating new access control models, cryptographic protection, network packet filtering, credentials management, integrity measurement, privileges (“capabilities”) and memory protection.
The diversity and flexibility of these security components has allowed Linux to meet a very wide range of user security requirements, from the simplest embedded devices through to general user desktops, networked servers, scientific research facilities, financial trading systems, and classified military and government systems.
This talk will provide a technical overview of the main security features of the Linux kernel. We’ll discuss how these features have been developed and made available as standard components of general purpose Linux distributions (often enabled by default), aiming for the broadest possible adoption and benefit to users.
We’ll also look at current developments, such as the effort to add MAC security labeling support to NFSv4, utilizing new hardware security features, and security interoperability with other operating systems.
I’ll also be participating in a security discussion panel.
And suffering the harsh Brisbane winter.