Category Archives: Linux

Congratulations to Chris Mason

As many of you will know, I started a new role at Oracle earlier in the year, going to work on Chris Mason’s team. He announced this week that he’s moving onto a new position at Fusion-io. His leadership at Oracle will be missed, and I would like to congratulate him on his new role.

Also, just to head off the inevitable internet rumours, I thought I’d post here that I will be taking on many of Chris’s previous responsibilities at Oracle, including leading the mainline kernel development team. We’re actively hiring, by the way, so if you want to hack on the Linux kernel for a great company—remotely, from almost anywhere on the planet—email me :-)

Kernel Security Talk at LinuxCon Japan

Just to let folk know — I’ll be giving a talk on the state of Linux kernel security development at LinuxCon Japan in Yokohama on June 8th. From the abstract:

In this talk, we’ll examine the current state of the Linux kernel security subsystem. Starting with a brief overview of existing features, we’ll discuss recent developments, current efforts and future directions. We’ll also discuss the evolving threat landscape, and the increasing need for mobile and cloud security. This will be a high-level technical discussion aimed at IT professionals. A good general knowledge of operating system and computer security concepts will be advantageous.

I’ll also likely be in Tokyo briefly — if any kernel security development folk there want to meet up, let me know.

2012 Linux Security Summit (San Diego) – Call for Particpation

The 2012 Linux Security Summit (LSS) has been announced. The CFP is open from now until the 23rd of May.

This year, the summit will be a two-day event, co-located with LinuxCon, Linux Plumbers, and the Kernel Summit. We’re planning on holding developer break-out sessions for much of the second day, and extending the length of the main talks to the more traditional 45 minute + 15 minute break format. There will still be shorter 30 minute talks, and roundtable discussions.

Check out the programs from previous years to see what kind of proposals have been previously accepted:

Send your proposals to the program committee per the announcement.

Save the date: 2012 Linux Security Summit, 30-31 August, San Diego

This is a pre-announcement so people can start planning travel for the year.

The Linux Security Summit for 2012 will be held on the 30th and 31st of August in San Diego, CA, USA.  It will be co-located with LinuxCon North America, plumbers and the kernel summit.

More details to follow.

New GPG Key

In support of the new kernel.org security scheme, I’ve created a new 4096 bit RSA key:

pub   4096R/FA118320 2011-10-23
      Key fingerprint = 4ED7 50E6 F7F9 ACED 29DD  B750 EB75 1458 FA11 8320
uid   James Morris <jmorris@namei.org>

I’ve published the key via the MIT key server.

I’ll continue to host the security subsystem tree on selinuxproject.org until things are fully set up on kernel.org.

Linux Security Summit 2011 – Presentation Slides

Just over a week ago, the 2011 Linux Security Summit was held in Santa Rosa CA, co-located with Linux Plumbers. It ran for a day, starting with refereed presentations, and then round-table discussions.

The home page for the summit is on the kernel.org wiki, and is currently unavailable, so I’m posting links to the slides here:

* Smack is Alive and Well
Casey Schaufler, Intel

* An Overview of the Linux Integrity Subsystem: Use Cases and Demonstration
David Safford and Mimi Zohar, IBM

* Digital Signature support for IMA/EVM
Dmitry Kasatkin and Ryan Ware, Intel  (presented by Casey)

* Protecting the Filesystem Integrity of a Fedora 15 Virtual Machine from Offline Attacks using IMA/EVM
Peter Kruus, The Johns Hopkins University Applied Physics Laboratory

* Efficient, TPM-free system integrity checking with device mapper: dm-verity
Will Drewry and Mandeep Baines, Google

* The Case for SE Android
Stephen Smalley, NSA

Roundtable discussions:

* Kernel Hardening [no slides]
Lead by Kees Cook, Canonical and Will Drewry, Google

* LSM Architecture
Lead by Kees Cook, Canonical and Casey Schaufler

The SE Android talk was a last minute replacement for Ryan Ware’s talk on MeeGo (Ryan was unfortunately not able to make it).

See the write-ups by by Paul Moore and LWN.

Feedback so far has been positive.  I think it’s valuable for the security developers to get together like this, after spending the rest of the year working remotely with each other.  Next year, we’ll likely be looking at co-locating with LPC/KS/LinuxCon in San Diego.  It may be worth thinking about expanding to a two-day event, with the first day following the same format, but then splitting into project groups on day two for BoFs/hack sessions.

Contact the program committee if you have any suggestions.

I’d like to thank the LPC folk, and especially Jesse Barnes, for allowing us to co-locate and taking care of all of the logistics — all we had to do was organize the talks and turn up.  Also thanks to the speakers, discussion leaders and attendees.  See you next year!

Linux Security Summit 2011 – Schedule Published

For those that didn’t catch the email announcement, the schedule for the 2011 Linux Security Summit is now published.

The format of the conference is refereed talk sessions, followed by in-depth roundtable discussions.

Here’s a summary of the programme:

Refereed talks:

  • “Smack is Alive and Well”
    Casey Schaufler
  • “MeeGo Security Update”
    Ryan Ware, Intel
  • “An Overview of the Linux Integrity Subsystem: Use Cases and Demonstration”
    David Safford and Mimi Zohar, IBM
  • “Digital Signature support for IMA/EVM”
    Dmitry Kasatkin and Ryan Ware, Intel
  • “Protecting the Filesystem Integrity of a Fedora 15 Virtual Machine from Offline Attacks using IMA/EVM”
    Peter Kruus, The Johns Hopkins University Applied Physics Laboratory
  • “Efficient, TPM-free system integrity checking with device mapper: dm-verity”
    Will Drewry and Mandeep Baines, Google

Roundtable discussions:

  • Kernel Hardening
    Lead by Kees Cook, Canonical and Will Drewry, Google
  • LSM Architecture
    Lead by Kees Cook, Canonical and Casey Schaufler

See the full schedule for more detail.

Attendance is open to all registered attendees of the Linux Plumbers Conference.  Early-bird registration is available for LPC until the end of today (US time).

Linux Security Summit 2011 – CFP reminder: 2 weeks!

Calling all Linux security folk!
 

the CFP closes in two weeks...

 

Just a reminder that the CFP for the 2011 Linux Security Summit closes on the 27th of May — two weeks away. Please get your submissions in soon.

Note again that we are co-located with the Linux Plumbers Conference in Santa Rosa, and that all Security Summit attendees, including speakers, will need to register for Plumbers. Earlybird registration is available until 31st May.

Trivia question: which Alfred Hitchcock film was shot on location in Santa Rosa in 1943?

(Hint: click on the image)