CC3: An Identity Attested Linux Security Supervisor Architecture – Greg Wettstein, IDfusion
SELinux in Android Lollipop and Android M – Stephen Smalley, NSA
Linux Incident Response – Mike Scutt and Tim Stiller, Rapid7
Assembling Secure OS Images – Elena Reshetova, Intel
Linux and Mobile Device Encryption – Paul Lawrence and Mike Halcrow, Google
Security Framework for Constraining Application Privileges – Lukasz Wojciechowski, Samsung
IMA/EVM: Real Applications for Embedded Networking Systems – Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks
Ioctl Command Whitelisting in SELinux – Jeffrey Vander Stoep, Google
IMA/EVM on Android Device – Dmitry Kasatkin, Huawei Technologies
There will be several discussion sessions:
Core Infrastructure Initiative – Emily Ratliff, Linux Foundation
Linux Security Module Stacking Next Steps – Casey Schaufler, Intel
Discussion: Rethinking Audit – Paul Moore, Red Hat
Also featured are brief updates on kernel security subsystems, including SELinux, Smack, AppArmor, Integrity, Capabilities, and Seccomp.
The keynote speaker will be Konstantin Ryabitsev, sysadmin for kernel.org. Check out his Reddit AMA!
See the schedule for full details, and any updates.
This year’s summit will take place on the 20th and 21st of August, in Seattle, USA, as a LinuxCon co-located event. As such, all Linux Security Summit attendees must be registered for LinuxCon. Attendees are welcome to attend the Weds 19th August reception. ETA: standalone LSS registration is available.
All LSS attendees, including speakers, must be registered attendees of LinuxCon. The first round of early registration ends May 29th.
We’d like to cast our net as wide as possible in terms of presentations, so please share this info with anyone you know who’s been doing interesting Linux security development or implementation work recently.
The event will be held over two days (18th & 19th August), starting with James Bottomley as the keynote speaker. The keynote will be followed by referred talks, group discussions, kernel security subsystem updates, and break-out sessions.
The refereed talks are:
Verified Component Firmware – Kees Cook, Google
Protecting the Android TCB with SELinux – Stephen Smalley, NSA
Tizen, Security and the Internet of Things – Casey Schaufler, Intel
Capsicum on Linux – David Drysdale, Google
Quantifying and Reducing the Kernel Attack Surface – Anil Kurmus, IBM
Extending the Linux Integrity Subsystem for TCB Protection – David Safford & Mimi Zohar, IBM
Application Confinement with User Namespaces – Serge Hallyn & Stéphane Graber, Canonical
Discussion session topics include Trusted Kernel Lock-down Patch Series, led by Kees Cook; and EXT4 Encryption, led by Michael Halcrow & Ted Ts’o. There’ll be kernel security subsystem updates from the SELinux, AppArmor, Smack, and Integrity maintainers. The break-out sessions are open format and a good opportunity to collaborate face-to-face on outstanding or emerging issues.
The CFP for the 2014 Linux Security Summit is announced.
LSS 2014 will be co-located with LinuxCon North America in Chicago, on the 18th and 19th of August. We’ll also be co-located with the Kernel Summit this year.
Note that, as always, we’re looking for participation from the general Linux community — not just kernel people, and not just developers. We’re interested in hearing about feedback from users, and discussing what kinds of security problems we need to be addressing into the future.
This year, we’re looking for discussion topics as well as paper presentations, so if you have anything interesting to talk about, send in a proposal.
The AppArmor Labeling Model (John Johansen, Canonical)
It looks like there’s been quite a lot happening in AppArmor. There’ll also be general project updates for SELinux, Smack, AppArmor and the Integrity subsystem, as well as a discussion on kernel coding anti-patterns led by Kees Cook.
There’ll be break-out sessions on the second day, details of which will be posted on the schedule as they’re known. If you’ll be at LSS (or LinuxCon/Plumbers generally) and would like to schedule a break-out session, contact the program committee per the details at the wiki page.
See everyone on the 19th and 20th of September in New Orleans!
The summit will be held across the 19th and 20th of September in New Orleans, co-located again with LinuxCon and Linux Plumbers. Note that presenters and attendees at LSS must be registered as LinuxCon attendees.
We’ll be following a similar format to last year, with a day of refereed presentations, followed by subsystem updates and break-out sessions on the second day. We’ll probably finish up around lunchtime on the Friday for people needing to head home that day, but check the final schedule for details once it’s published.
The CFP is open until 14th June, with speaker notifications to be posted by 21st June.
If you’ve been doing cool and interesting work in Linux security, be sure to submit a proposal!
As previously mentioned, LSS this year will be a two-day event, co-located with LinuxCon.
On Day 1, we’re privileged to have a keynote by Matthew Garrett. He’s one of the best speakers in the community, and I believe he’ll be discussing secure boot.
Following the keynote, we have eight refereed presentations on new and interesting Linux security development topics.
On Day 2, we’ll have kernel security subsystem updates from maintainers, followed by an afternoon of breakout sessions. The breakout sessions are for deeper dives into specific areas, and may include development discussions and hack sessions. An BoF is planned to discuss an LF Security Workgroup, and attendees may propose more sessions in the leadup to the conference by emailing the program committee.
Thanks to all of the committee members for reviewing the proposals and helping to organize the summit — it’s shaping up as an interesting and productive event!
Just to let folk know — I’ll be giving a talk on the state of Linux kernel security development at LinuxCon Japan in Yokohama on June 8th. From the abstract:
In this talk, we’ll examine the current state of the Linux kernel security subsystem. Starting with a brief overview of existing features, we’ll discuss recent developments, current efforts and future directions. We’ll also discuss the evolving threat landscape, and the increasing need for mobile and cloud security. This will be a high-level technical discussion aimed at IT professionals. A good general knowledge of operating system and computer security concepts will be advantageous.
I’ll also likely be in Tokyo briefly — if any kernel security development folk there want to meet up, let me know.