Here’s a summary of the 2016 Linux Security Summit, which was held last month in Toronto.
Presentation slides are available at http://events.linuxfoundation.org/events/archive/2016/linux-security-summit/program/slides.
This year, videos were made of the sessions, and they may be viewed at https://www.linux.com/news/linux-security-summit-videos — many thanks to Intel for sponsoring the recordings!
LWN has published some excellent coverage:
- Inside the mind of a Coccinelle programmer (Julia Lawall keynote)
- State of the Kernel Self Protection Project (Kees Cook)
- Toward measured boot out of the box (Matthew Garrett)
- Filesystem images and unprivileged containers (james Bottomley)
- On the way to safe containers (Stéphane Graber and Tycho Andersen)
- Minijail (Jorge Lucangeli Obes)
- AMD memory encryption technologies (David Kaplan)
- Audit, namespaces, and containers (Richard Guy Briggs)
This is a pretty good representation of the main themes which emerged in the conference: container security, kernel self-protection, and integrity / secure boot.
Many of the core or low level security technologies (such as access control, integrity measurement, crypto, and key management) are now fairly mature. There’s more focus now on how to integrate these components into higher-level systems and architectures.
One talk I found particularly interesting was Design and Implementation of a Security Architecture for Critical Infrastructure Industrial Control Systems in the Era of Nation State Cyber Warfare. (The title, it turns out, was a hack to bypass limited space for the abstract in the cfp system). David Safford presented an architecture being developed by GE to protect a significant portion of the world’s electrical grid from attack. This is being done with Linux, and is a great example of how the kernel’s security mechanisms are being utilized for such purposes. See the slides or the video. David outlined gaps in the kernel in relation to their requirements, and a TPM BoF was held later in the day to work on these. The BoF was reportedly very successful, as several key developers in the area of TPM and Integrity were present.
— LinuxSecuritySummit (@LinuxSecSummit) August 25, 2016
Attendance at LSS was the highest yet with well over a hundred security developers, researchers and end users.
Special thanks to all of the LF folk who manage the logistics for the event. There’s no way we could stage something on this scale without their help.
Stay tuned for the announcement of next year’s event!