Category Archives: Linux

Linux Security Summit 2012 – Slides published

Slides from the Linux Security Summit 2012 talks are now available via the schedule page.

It seems to have been a very successful event, with the move to a two-day format allowing for a day of refereed presentations, and then a day of more collaborative discussion. We’re aiming for a a similar format next year.

Thanks to everyone who made the event happen: presenters, attendees, the program committee, and of course, the great team at Linux Foundation, who made everything work flawlessly!

ETA: The slides from Matthew Garrett’s keynote on UEFI Secure Boot are now up.

Linux Security Summit 2012 – Schedule update

Just to let folks know who are attending, we’ve added a lightning talks slot to the LSS 2012 schedule, on Friday 31st August at 2pm.

If you have any emerging topics to discuss, come along on the day and contact me to schedule a slot. We have one confirmed talk already: Dave Jones will be discussing his Trinity system call fuzzing work.

Note that this change pushes the LF Linux Security Workgroup BoF back thirty minutes.

Congratulations to Chris Mason

As many of you will know, I started a new role at Oracle earlier in the year, going to work on Chris Mason’s team. He announced this week that he’s moving onto a new position at Fusion-io. His leadership at Oracle will be missed, and I would like to congratulate him on his new role.

Also, just to head off the inevitable internet rumours, I thought I’d post here that I will be taking on many of Chris’s previous responsibilities at Oracle, including leading the mainline kernel development team. We’re actively hiring, by the way, so if you want to hack on the Linux kernel for a great company—remotely, from almost anywhere on the planet—email me :-)

Kernel Security Talk at LinuxCon Japan

Just to let folk know — I’ll be giving a talk on the state of Linux kernel security development at LinuxCon Japan in Yokohama on June 8th. From the abstract:

In this talk, we’ll examine the current state of the Linux kernel security subsystem. Starting with a brief overview of existing features, we’ll discuss recent developments, current efforts and future directions. We’ll also discuss the evolving threat landscape, and the increasing need for mobile and cloud security. This will be a high-level technical discussion aimed at IT professionals. A good general knowledge of operating system and computer security concepts will be advantageous.

I’ll also likely be in Tokyo briefly — if any kernel security development folk there want to meet up, let me know.

2012 Linux Security Summit (San Diego) – Call for Particpation

The 2012 Linux Security Summit (LSS) has been announced. The CFP is open from now until the 23rd of May.

This year, the summit will be a two-day event, co-located with LinuxCon, Linux Plumbers, and the Kernel Summit. We’re planning on holding developer break-out sessions for much of the second day, and extending the length of the main talks to the more traditional 45 minute + 15 minute break format. There will still be shorter 30 minute talks, and roundtable discussions.

Check out the programs from previous years to see what kind of proposals have been previously accepted:

Send your proposals to the program committee per the announcement.

Save the date: 2012 Linux Security Summit, 30-31 August, San Diego

This is a pre-announcement so people can start planning travel for the year.

The Linux Security Summit for 2012 will be held on the 30th and 31st of August in San Diego, CA, USA.  It will be co-located with LinuxCon North America, plumbers and the kernel summit.

More details to follow.

New GPG Key

In support of the new security scheme, I’ve created a new 4096 bit RSA key:

pub   4096R/FA118320 2011-10-23
      Key fingerprint = 4ED7 50E6 F7F9 ACED 29DD  B750 EB75 1458 FA11 8320
uid   James Morris <>

I’ve published the key via the MIT key server.

I’ll continue to host the security subsystem tree on until things are fully set up on

Linux Security Summit 2011 – Presentation Slides

Just over a week ago, the 2011 Linux Security Summit was held in Santa Rosa CA, co-located with Linux Plumbers. It ran for a day, starting with refereed presentations, and then round-table discussions.

The home page for the summit is on the wiki, and is currently unavailable, so I’m posting links to the slides here:

* Smack is Alive and Well
Casey Schaufler, Intel

* An Overview of the Linux Integrity Subsystem: Use Cases and Demonstration
David Safford and Mimi Zohar, IBM

* Digital Signature support for IMA/EVM
Dmitry Kasatkin and Ryan Ware, Intel  (presented by Casey)

* Protecting the Filesystem Integrity of a Fedora 15 Virtual Machine from Offline Attacks using IMA/EVM
Peter Kruus, The Johns Hopkins University Applied Physics Laboratory

* Efficient, TPM-free system integrity checking with device mapper: dm-verity
Will Drewry and Mandeep Baines, Google

* The Case for SE Android
Stephen Smalley, NSA

Roundtable discussions:

* Kernel Hardening [no slides]
Lead by Kees Cook, Canonical and Will Drewry, Google

* LSM Architecture
Lead by Kees Cook, Canonical and Casey Schaufler

The SE Android talk was a last minute replacement for Ryan Ware’s talk on MeeGo (Ryan was unfortunately not able to make it).

See the write-ups by by Paul Moore and LWN.

Feedback so far has been positive.  I think it’s valuable for the security developers to get together like this, after spending the rest of the year working remotely with each other.  Next year, we’ll likely be looking at co-locating with LPC/KS/LinuxCon in San Diego.  It may be worth thinking about expanding to a two-day event, with the first day following the same format, but then splitting into project groups on day two for BoFs/hack sessions.

Contact the program committee if you have any suggestions.

I’d like to thank the LPC folk, and especially Jesse Barnes, for allowing us to co-locate and taking care of all of the logistics — all we had to do was organize the talks and turn up.  Also thanks to the speakers, discussion leaders and attendees.  See you next year!