October 31 - November 1 | Lyon, France


Thursday, October 31
 

09:00 CET

Welcome & Opening Remarks - Elena Reshetova, Intel
Speakers

Elena Reshetova

Security architect, Intel
Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests revolve around Linux kernel hardening for confidential cloud computing.


Thursday October 31, 2019 09:00 - 09:05 CET
Forum 1

09:05 CET

Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019 - Tong Lin & Luhai Chen, Intel
To improve security, a series of hardening features (such as SMEP/PXN, SMAP/PAN, KASLR, CFI, etc.) has been added to the Linux kernel. These mitigations have indeed reduced the impact of vulnerabilities and rendered some exploits unusable. At the same time, however, exploitation techniques that bypass these mitigations are constantly being disclosed.

This talk will first detail the basic Linux kernel privilege escalation techniques, highlighting how they work and how adversaries use them. Then, some typical exploitable Linux kernel vulnerabilities from 2017 to 2019 will be selected for in-depth analysis. Specifically, the complete exploit chain, from obtaining arbitrary kernel read/write to bypassing mitigations, will be shown for each case.

Speakers

Tong Lin

Security Researcher, Intel
Tong Lin is a security researcher at the Intel Open Source Technology Center. He has extensive experience in penetration testing, vulnerability discovery and exploit development. He has also presented his research at several security conferences, such as HITCON...


Thursday October 31, 2019 09:05 - 09:50 CET
Forum 1
  Refereed Presentations
  • Experience Level Any

09:50 CET

Exploiting Race Conditions Using the Scheduler - Jann Horn, Google
This talk shows how two bugs involving somewhat narrow-looking race windows (https://crbug.com/project-zero/1695 in the Linux kernel, https://crbug.com/project-zero/1741 in Android userspace code) can be stretched wide enough to win the race conditions on a Google Pixel 2 phone, running a Linux 4.4 kernel, by making use of the unprivileged sched_*() syscalls.
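An added illustration of the scheduler lever this talk is about (my code, not Project Zero's; the two bugs themselves are not reproduced here). It assumes Linux, that an unprivileged task may call sched_setaffinity() and move itself to SCHED_IDLE, and it uses a constructed check-then-use loop as the "victim". Pinning both threads to one CPU means the attacker can only run by preempting the victim; making the victim SCHED_IDLE means CFS preempts it the instant a normal task wakes on that CPU, so every nanosleep() wakeup lands at an attacker-chosen moment:

```c
/* Added illustration of the scheduler lever, not Project Zero's exploit
 * code. Assumes Linux, two threads on one CPU, and that an unprivileged
 * task may call sched_setaffinity() and move itself to SCHED_IDLE.
 * The "check" and "use" below are a constructed toy race, not the
 * bugs discussed in the talk. Build with: cc -O2 -pthread race.c */
#define _GNU_SOURCE
#include <pthread.h>
#include <sched.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

static volatile int ok_flag;   /* what the victim checks, then uses */
static volatile int stop;
static long races_won;

/* First CPU this process is allowed to run on (honours cpusets/affinity). */
int first_allowed_cpu(void)
{
    cpu_set_t set;
    if (sched_getaffinity(0, sizeof set, &set) != 0)
        return -1;
    for (int i = 0; i < CPU_SETSIZE; i++)
        if (CPU_ISSET(i, &set))
            return i;
    return -1;
}

/* Pin the calling thread to one CPU; 0 on success. */
int pin_to_cpu(int cpu)
{
    cpu_set_t set;
    CPU_ZERO(&set);
    CPU_SET(cpu, &set);
    return sched_setaffinity(0, sizeof set, &set);
}

/* Move the calling thread to SCHED_IDLE (allowed without privileges).
 * Returns the policy now in effect, or -1. CFS preempts a SCHED_IDLE
 * task as soon as a normal task wakes up on the same CPU. */
int demote_to_idle(void)
{
    struct sched_param p = { .sched_priority = 0 };
    if (sched_setscheduler(0, SCHED_IDLE, &p) != 0)
        return -1;
    return sched_getscheduler(0);
}

/* Victim: check-then-use with a window of a few instructions. */
static void *victim(void *arg)
{
    pin_to_cpu(*(int *)arg);
    if (demote_to_idle() != SCHED_IDLE)
        fprintf(stderr, "SCHED_IDLE unavailable; window stays narrow\n");
    while (!stop) {
        int seen = ok_flag;           /* check */
        /* If the attacker wakes here, the victim is descheduled and the
         * window stays open for as long as the attacker keeps running. */
        int used = ok_flag;           /* use */
        if (seen != used)
            races_won++;
    }
    return NULL;
}

/* Attacker: same CPU, normal policy. Each wakeup from nanosleep() lands
 * at whatever instruction the victim was executing. Returns wins. */
long run_race(int attempts)
{
    int cpu = first_allowed_cpu();
    pthread_t t;
    if (cpu < 0 || pin_to_cpu(cpu) != 0)
        return -1;
    stop = 0;
    races_won = 0;
    if (pthread_create(&t, NULL, victim, &cpu) != 0)
        return -1;
    struct timespec nap = { 0, 200 * 1000 };   /* 200 us */
    for (int i = 0; i < attempts; i++) {
        nanosleep(&nap, NULL);
        ok_flag = !ok_flag;           /* flip while the victim is preempted */
    }
    stop = 1;
    pthread_join(t, NULL);
    return races_won;
}

int main(void)
{
    long won = run_race(2000);
    printf("won the race %ld times in 2000 wakeups\n", won);
    return won < 0;
}
```

The count is a measurement and will vary between runs; the point is that the window's length is now attacker-controlled, because a SCHED_IDLE victim receives only a negligible share of the CPU while a normal-priority task on the same CPU is runnable. Without the pinning, the attacker would run in parallel on another core and would have to hit a window of a few nanoseconds by luck.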

Speakers

Jann Horn

Project Zero Researcher, Google
Jann Horn has worked as a security researcher for Google's Project Zero for three years. His focus area is vulnerabilities in kernel code.



Thursday October 31, 2019 09:50 - 10:35 CET
Forum 1
  Refereed Presentations

10:35 CET

Coffee Break
Thursday October 31, 2019 10:35 - 10:55 CET
Forum 1/2/3 Foyer

10:55 CET

Dealing with Uninitialized Memory in the Kernel - Alexander Potapenko, Google
During the last two years, KMSAN (a detector of uses of uninitialized memory based on compiler instrumentation) has found more than a hundred bugs in the upstream kernel through fuzzing. Judging by kernel code coverage, many more bugs remain undiscovered (e.g. we have only scratched the surface of USB device drivers).

Some of these bugs pose a real security risk, letting attackers leak kernel data or subvert control flow and ultimately execute code with elevated privileges.

Given that new bugs are still being introduced every month, kernel vendors (especially those maintaining older kernels) may want to kill the whole class of uninitialized memory bugs by initializing every heap and stack allocation in the running kernel.

We'll discuss the Linux 5.3 features that perform stack and heap initialization, their applicability for production use, and potential improvements.
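To make the bug class concrete, an added example in plain userspace C (my code, not KMSAN and not kernel code; the struct and function names are constructed). A record with padding is filled field by field and then copied out whole, as a driver might copy_to_user() it; the padding bytes carry whatever the stack held before, which is the read KMSAN would report. The hardened variant zeroes the object first, which is what the initialise-everything options apply to every allocation: on the heap side via the init_on_alloc=1 and init_on_free=1 boot parameters, on the stack side via the compiler-driven options (CONFIG_INIT_STACK_ALL with Clang, CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL with GCC):

```c
/* Added example (not KMSAN, not kernel code): the bug class KMSAN reports,
 * shown in plain C. Names and the record layout are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUT_LEN 16          /* caller-supplied buffer; sizeof(struct rec) is 16 on LP64 */

/* 1 data byte, then padding up to the 8-byte aligned value. */
struct rec {
    uint8_t  kind;
    uint64_t value;
};

/* Vulnerable: fields set, padding never written, whole struct copied out. */
size_t export_leaky(uint8_t kind, uint64_t value, uint8_t out[OUT_LEN])
{
    struct rec r;
    r.kind = kind;
    r.value = value;
    memcpy(out, &r, sizeof r);    /* stand-in for copy_to_user() */
    return sizeof r;
}

/* Hardened: zero the object before use; padding can no longer leak. */
size_t export_zeroed(uint8_t kind, uint64_t value, uint8_t out[OUT_LEN])
{
    struct rec r;
    memset(&r, 0, sizeof r);
    r.kind = kind;
    r.value = value;
    memcpy(out, &r, sizeof r);
    return sizeof r;
}

/* Number of non-zero bytes in the padding region of an exported record. */
int padding_nonzero(const uint8_t *buf)
{
    int n = 0;
    for (size_t i = 1; i < offsetof(struct rec, value); i++)
        if (buf[i] != 0)
            n++;
    return n;
}

/* Export via the hardened path into a pre-filled buffer and verify that the
 * data byte arrived and every padding byte is zero. Returns 1 when clean. */
int zeroed_export_is_clean(void)
{
    uint8_t out[OUT_LEN];
    memset(out, 0x5A, sizeof out);   /* pre-fill so "clean" must come from the copy */
    export_zeroed(7, 0x1122334455667788ULL, out);
    return out[0] == 7 && padding_nonzero(out) == 0;
}

/* Leave a recognisable pattern on the stack where the next frame will land. */
static void __attribute__((noinline)) dirty_stack(void)
{
    volatile uint8_t junk[128];
    for (size_t i = 0; i < sizeof junk; i++)
        junk[i] = 0xAA;
}

int main(void)
{
    uint8_t out[OUT_LEN];

    dirty_stack();
    memset(out, 0, sizeof out);
    export_leaky(1, 0x1122334455667788ULL, out);
    printf("leaky : %d stale padding bytes copied out (varies with compiler and stack layout)\n",
           padding_nonzero(out));

    memset(out, 0, sizeof out);
    export_zeroed(1, 0x1122334455667788ULL, out);
    printf("zeroed: %d stale padding bytes copied out\n", padding_nonzero(out));
    return zeroed_export_is_clean() ? 0 : 1;
}
```

Note that `struct rec r = {0};` is not a reliable fix: the C standard does not require padding to be zeroed by an initializer, and compilers do skip it, which is why the kernel-wide options work at the allocation and frame level rather than relying on source changes.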

Speakers

Alexander Potapenko

Senior Software Engineer, Google
Alexander Potapenko has been involved with dynamic testing tools at Google since 2009, having taken part in the development of userspace Sanitizer tools for Linux and Mac OS as well as KASAN for Linux. Right now Alexander is the primary developer of KMSAN, a dynamic tool for discovering...



Thursday October 31, 2019 10:55 - 11:25 CET
Forum 1
  Short Topic Discussions
  • Experience Level Any
  • Session Slides Included Yes

11:25 CET

A New Proposal for Protecting Kernel Data Memory - Igor Stoppa, Huawei
This is a follow-up to the presentation "Protecting the Protection Mechanisms" from the Security Summit 2018. The revised proposal addresses various points that were not covered in the previous implementation. Primarily, the rewritten patch-set focuses on how the metadata describing the properties of the various memory regions is expressed, while reducing the overhead of verifying it. This is achieved by segmenting the vmalloc address space and encoding specific properties in the actual address ranges used to map memory pages containing data with those properties. This approach is also meant to pave the way toward hardening the page tables.

Speakers

Igor Stoppa

Principal Security Engineer, Huawei
Igor received his MSc in Electrical Engineering from the Polytechnic University of Turin. He has been working (both professionally and as a hobby) on various types of embedded systems for almost two decades, covering diverse aspects: power management, test automation, SW updates and now...



Thursday October 31, 2019 11:25 - 11:55 CET
Forum 1
  Short Topic Discussions

11:55 CET

Tracing: The Bane of You Security Folks - Steven Rostedt, VMware Inc
Tracing has the opposite purpose of security. Security tries to hide secrets, and the less the Linux kernel lets user applications know, the better the security. Tracing, on the other hand, tries to give the user as much information as it can. It should only give this information to those who need it, but even determining that often conflicts with security ideas. This talk covers what tracing is trying to show and to whom it is showing it. It will discuss tactics tracing uses that Linux kernel security folks should really be aware of. Because tracing tries to have as little overhead as possible when not enabled, it resorts to tricks like live text modification and call redirection. Tracing does everything a rootkit author loves, and this talk will tell you what you need to know about that.

Speakers

Steven Rostedt

Software Engineer, Google
Steven Rostedt currently works for Google on their ChromeOS team. Steven is the main developer and maintainer of ftrace, the official tracer of the Linux kernel, as well as the user space tools trace-cmd, the ftrace tracing libraries and co-maintainer of KernelShark. Steven is one...



Thursday October 31, 2019 11:55 - 12:40 CET
Forum 1
  Refereed Presentations
  • Experience Level Beginner
  • Session Slides Included Yes

12:40 CET

Lunch (Attendees on Own)
Thursday October 31, 2019 12:40 - 13:50 CET
TBA

13:50 CET

Kernel Runtime Security Instrumentation - KP Singh, Google
Existing Linux Security Modules can only be extended by modifying and rebuilding the kernel, making it difficult to react to new threats. Kernel Runtime Security Instrumentation (KRSI) [1] aims to provide an extensible Linux Security Module (LSM) by allowing userspace programs and system owners to attach eBPF (extended Berkeley Packet Filter) programs to security hooks. This makes the LSM framework extensible without rebuilding or rewriting the kernel and enables a new class of security and auditing software.

The talk discusses the need for such an LSM (with representative use cases) and compares it to some existing alternatives, such as Landlock, a separate custom LSM, kprobes+eBPF, etc. The second half of the talk outlines the proposed design and interfaces, and includes a live demo.

Speakers

KP Singh

Staff Software Engineer, Google
KP Singh is the author and maintainer of the mainline eBPF LSM (a.k.a KRSI) for flexible security audit and policy enforcement on Linux. At Google, he leads the effort to build telemetry and detection software deployed on Google's corp, prod and cloud endpoints spanning different...



Thursday October 31, 2019 13:50 - 14:35 CET
Forum 1
  Refereed Presentations
  • Experience Level Advanced
  • Session Slides Included Yes

14:35 CET

CRIU and SELinux - Adrian Reber, Red Hat
To implement container live migration with Checkpoint/Restore in Userspace (CRIU) for container runtimes that use SELinux, CRIU needs to handle SELinux labeling correctly. This talk will describe what was necessary to fully restore processes with all SELinux labels and why this is difficult when trying to live migrate containers. At the same time, this talk highlights that it is now possible to migrate processes or containers without losing SELinux state and information. This talk also aims to collect feedback on whether the current implementation in CRIU is missing important parts.

Speakers

Adrian Reber

Principal Software Engineer, Red Hat
Adrian is a Principal Software Engineer at Red Hat and has been migrating processes since at least 2010. He started migrating processes in a high performance computing environment and at some point he migrated so many processes that he got a PhD for it. Occasionally he still migrates...



Thursday October 31, 2019 14:35 - 15:05 CET
Forum 1
  Short Topic Discussions
  • Experience Level Beginner
  • Session Slides Included Yes

15:05 CET

Address Spaces for Namespaces - Mike Rapoport, IBM
Address space isolation has been used to protect the kernel and userspace programs from each other for decades.

Assuming that kernel exploits and speculation vulnerabilities are inevitable, it is worth isolating parts of the kernel to minimize the damage these exploits can cause.

One way to create such isolation is to assign an address space to each Linux namespace, so that tasks running in namespace A have a different view of kernel memory mappings than tasks running in namespace B.

We propose to extend the SL*B allocators with the ability to create "exclusive" caches visible only in one namespace and thus ensure that per-namespace objects are mapped only in the owning namespace's address space.

We'll present the design of the "exclusive" caches and POC implementation targeting network namespaces.

Speakers

Mike Rapoport

Researcher, IBM
Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on Linux kernel and low level stuff. Throughout his career Mike promoted use of free and open source software and made quite a few contributions...



Thursday October 31, 2019 15:05 - 15:35 CET
Forum 1
  Short Topic Discussions
  • Experience Level Advanced
  • Session Slides Included Yes

15:35 CET

Coffee Break
Thursday October 31, 2019 15:35 - 15:55 CET
Forum 1/2/3 Foyer

15:55 CET

Using a Different LSM from the Host in a Container - John Johansen, Canonical
Despite containers being in broad use, there are still use cases where containers cannot make use of Linux Security Modules (LSMs) in the way they would like. Particularly challenging is the case where the container would like to use a different LSM from the one the host is using.

This presentation will cover the challenges, pitfalls, and solutions encountered while enabling the AppArmor LSM to be used by a container while the host uses a different LSM. It will focus in particular on running snappy application containers and LXD system containers leveraging AppArmor on a host using SELinux or Smack, and discuss why the inverse is currently more difficult.

Speakers

John Johansen

Security Engineer, Canonical
John Johansen began working with open source software in the late 80s and began playing with Linux in 1993. He completed a master's in mathematics at the University of Waterloo and then began working for Immunix doing compiler hardening, and then AppArmor. After Immunix was acquired by...



Thursday October 31, 2019 15:55 - 16:25 CET
Forum 1
  Discussion Topics

16:30 CET

Tutorial: Using Linux Primitives to Build Your Own Containers - Stéphane Graber & Christian Brauner, Canonical Ltd.
Most people are familiar with various container tools, including Docker, LXC and LXD, but rarely with the kernel features that enable those tools.

To better understand everything involved, we will be creating our own container, from scratch.

We will start by looking at the various namespaces, what they do and how to use them together, then set up a suitable filesystem, integrate with an LSM, drop privileges and capabilities, and put restrictions in place with cgroups.

At every step, you will see what your container can do and what it probably shouldn't be allowed to do; through this experience you will get a better understanding of all the moving pieces that are put together to create a container.
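The namespace, filesystem and privilege-dropping steps of that procedure, as an added example in C (my code, not the tutorial's and not LXC/LXD code). It assumes unprivileged user namespaces are enabled and that ROOTFS (a hypothetical path) holds a directory tree with /bin/sh and an empty /proc, for instance a busybox install; the LSM and cgroup steps from the tutorial are left out to keep it short. The sync pipe exists because the child must not do anything until the parent has written its uid_map and gid_map:

```c
/* Added example, not the tutorial's code: a container from raw Linux
 * primitives (user/pid/mount/uts namespaces, uid_map, pivot_root,
 * no_new_privs, capability bounding set). ROOTFS is a hypothetical path;
 * LSM and cgroup steps are omitted. Build with: cc container.c */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/capability.h>

#define ROOTFS   "/tmp/rootfs"      /* assumption: a tree with /bin/sh and an empty /proc */
#define STACK_SZ (1024 * 1024)
#define DIE(msg) do { perror(msg); return 1; } while (0)

static int sync_pipe[2];            /* parent closes it once the id maps are written */

/* Write text to /proc/PID/<file>; 0 on success, -1 otherwise. */
static int write_proc(pid_t pid, const char *file, const char *text)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/%s", (int)pid, file);
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, text, strlen(text));
    close(fd);
    return w == (ssize_t)strlen(text) ? 0 : -1;
}

/* Map one id: "inside" in the child's namespace <-> "outside" in ours. */
int write_id_map(pid_t pid, const char *file, unsigned inside, unsigned outside)
{
    char line[64];
    snprintf(line, sizeof line, "%u %u 1\n", inside, outside);
    return write_proc(pid, file, line);
}

/* Irreversible: execve() can no longer grant privileges via setuid bits or
 * file capabilities. Returns the flag's value afterwards (1). */
int set_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Empty the bounding set so no capability can be regained on exec. Needs
 * CAP_SETPCAP, which the child holds inside its own user namespace. */
int drop_all_bounding(void)
{
    for (int cap = 0; cap <= CAP_LAST_CAP; cap++)
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0 && errno != EINVAL)
            return -1;          /* EINVAL: cap unknown to this kernel */
    return 0;
}

static int child(void *arg)
{
    char c;
    (void)arg;
    close(sync_pipe[1]);
    if (read(sync_pipe[0], &c, 1) != 0) DIE("sync");   /* EOF: maps are in place */
    close(sync_pipe[0]);
    if (sethostname("sandbox", 7) != 0) DIE("sethostname");
    /* Keep mount changes private, give the new root its own mount, then
     * pivot_root(".", ".") and detach the old root left stacked beneath. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) DIE("private");
    if (mount(ROOTFS, ROOTFS, NULL, MS_BIND | MS_REC, NULL) != 0) DIE("bind");
    if (chdir(ROOTFS) != 0 || syscall(SYS_pivot_root, ".", ".") != 0) DIE("pivot_root");
    if (umount2(".", MNT_DETACH) != 0 || chdir("/") != 0) DIE("old root");
    if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL) != 0) DIE("proc");
    if (set_no_new_privs() != 1 || drop_all_bounding() != 0) DIE("privileges");
    execl("/bin/sh", "sh", (char *)NULL);
    DIE("execl");
}

/* Spawn the container; returns the shell's exit status, or -1 when clone()
 * fails (EPERM where unprivileged user namespaces are disabled). */
int run_container(void)
{
    int status, flags = CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS | SIGCHLD;
    char *stack = malloc(STACK_SZ);
    if (!stack || pipe(sync_pipe) != 0) return -1;
    pid_t pid = clone(child, stack + STACK_SZ, flags, NULL);
    if (pid < 0) { perror("clone"); return -1; }
    /* Our real uid/gid become 0 inside; setgroups must be denied before gid_map. */
    if (write_id_map(pid, "uid_map", 0, getuid()) != 0 ||
        write_proc(pid, "setgroups", "deny") != 0 ||
        write_id_map(pid, "gid_map", 0, getgid()) != 0)
        perror("id maps");
    close(sync_pipe[1]); close(sync_pipe[0]);   /* releases the child */
    waitpid(pid, &status, 0); free(stack);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { return run_container() == 0 ? 0 : 1; }
```

Run it as an ordinary user. Inside the shell, `id` reports uid 0 although the process is still your own uid on the host, `hostname` prints sandbox, `ps` (if the rootfs has one) sees only the shell, and /proc/self/status shows NoNewPrivs: 1 and an all-zero CapBnd, so even a setuid binary left in the rootfs gains nothing. What is missing compared to LXD is exactly the rest of the tutorial: a cgroup to bound CPU and memory, an LSM profile, and a seccomp filter.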

Speakers

Christian Brauner

Senior Software Engineer, Canonical Ltd.
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Canonical. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...

Stephane Graber

Project leader for LXD, Canonical Ltd.
Stéphane Graber is the upstream project leader for LXC and LXD at Canonical and a frequent speaker and track leader at events related to containers and Linux. Stéphane is a longtime contributor to the Ubuntu Linux distribution as an Ubuntu core developer and previous Ubuntu technical...



Thursday October 31, 2019 16:30 - 18:00 CET
Forum 1
  Tutorial
 
Friday, November 1
 

09:00 CET

The Linux Crypto API - Ard Biesheuvel, ARM Ltd.
The Linux crypto subsystem has a poor reputation when it comes to usability of its API. This is not entirely undeserved, but it makes sense to take a closer look at why the current API was designed the way it is and what we are doing to improve it. Also, we'll take a look at some examples of how a better understanding of the underlying crypto on the part of the crypto API user would have resulted in much better (and more secure) code.

Speakers

Ard Biesheuvel

Principal Software Engineer, ARM Ltd.
Ard Biesheuvel is employed by Arm Ltd. to contribute to open source projects such as Tianocore and the Linux kernel. His mission is to make security and hardening features that exist for other architectures equally well supported on ARM, or better. His contributions to the arm64 Linux...



Friday November 1, 2019 09:00 - 09:45 CET
Forum 1
  Refereed Presentations

09:45 CET

OpenPOWER: Host OS (Linux Kernel) Secure Boot Key Management - Nayna Jain, IBM
OpenPOWER Secure Boot provides an open and flexible model to manage the keys that the Linux-based bootloader uses to verify and load the Host Operating System (Linux kernel). The main features of this model are:
- A pluggable architecture to support different key hierarchies and update mechanisms based on vendors’ choice.
- A choice for vendors to preload the OS, or for sysadmins to reinstall the OS, in the secure boot state.

This talk discusses the end-to-end solution for OpenPOWER Host OS Secure Boot Key Management, which involves managing ownership and authority over the keys, authenticated updates, securing the stored keys, blacklisting, and compatibility with the userspace tools. The design spans firmware, kernel and userspace. The firmware and kernel patches, which also include their interfaces, are being actively reviewed by the community.

Speakers

Nayna Jain

Software Engineer, IBM
Nayna Jain is a software designer and developer at the IBM Linux Technology Center. She is involved in secure and trusted boot development at IBM for OpenPOWER. Her experience is in the Linux kernel security subsystem, secure boot, trusted computing, and security advocacy. She had...


Friday November 1, 2019 09:45 - 10:30 CET
Forum 1
  Refereed Presentations
  • Experience Level Any

10:50 CET

Keylime - An Open Source TPM Project for Remote Trust. - Luke Hinds, Red Hat
Keylime (keylime.dev) is a young, rapidly growing open source project originally created in the security research department of MIT's Lincoln Laboratory. It provides a way of measuring the cryptographic hardware root of trust of machines hosting a Trusted Platform Module (TPM) chip. Keylime is about making TPM technology accessible for developers and users. It handles the complexity, you drive the use case!

Speakers

Luke Hinds

Security Lead, Office of the CTO, Red Hat
Luke Hinds works in the Emerging Technologies department of the CTO office, where he leads a team of talented engineers focused on the development of cutting edge security technologies. He has worked in Open Source for 20 years, since the early days of ipfilter in the Linux Kernel...


Friday November 1, 2019 10:50 - 11:35 CET
Forum 1

11:35 CET

Securing TPM Secrets with TXT and Kernel Signatures - Paul Moore, Cisco
This presentation will discuss a work in progress to secure data in the TPM2's NVRAM using Intel's TXT and extensions to tboot that support kernel signature verification. The ultimate goal is the ability to restrict access to TPM2-stored data to only those kernels signed by an authorized entity, while being robust in the face of kernel upgrades and downgrades.

The talk will discuss the design, and current progress, in the context of existing solutions using traditional TXT and UEFI Secure Boot, explaining why these solutions fall short in terms of either protection or usability.

Speakers

Paul Moore

Principal Software Engineer, Microsoft
Paul Moore has been involved in various Linux security efforts since 2004 at Hewlett-Packard, Red Hat, Cisco, and presently, Microsoft. He currently maintains the SELinux, audit, and labeled networking subsystems in the Linux Kernel as well as the libseccomp userspace library.



Friday November 1, 2019 11:35 - 12:20 CET
Forum 1
  Refereed Presentations
  • Experience Level Advanced
  • Session Slides Included Yes

12:20 CET

Lunch (Attendees on Own)
Friday November 1, 2019 12:20 - 13:50 CET
TBA

13:50 CET

LSM Stacking - What You Can Do Now and What's Next - Casey Schaufler, Intel
Before the 5.1 Linux kernel it was only possible to combine Linux security modules (LSM) that don't use extended security "blobs". With the introduction of infrastructure blob management it is now possible for a limited set of extended system security data to be shared, allowing greater flexibility in security module combination. This talk will describe what data can currently be shared. It moves on to describe plans to expand the blobs that can be shared. Plans for achieving the ultimate goal of complete module stacking wrap up the presentation. Feedback on the plans, and suggestions for alternatives and improvements are solicited.

Speakers

Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work...



Friday November 1, 2019 13:50 - 14:20 CET
Forum 1
  Short Topic Discussions

14:20 CET

Upcoming x86 Technologies for Malicious Hypervisor Protection - David Kaplan, AMD
This talk will introduce AMD SEV-SNP (Secure Nested Paging), the next generation of AMD’s x86 virtualization isolation technology. Building upon the existing AMD SEV and AMD SEV-ES features released in 2017, SEV-SNP provides additional hardware security that is designed to protect VMs from malicious hypervisors. SEV-SNP adds new memory integrity protection, new use models, and more flexibility in attestation and VM management when working with protected VMs in hostile environments.

This talk will delve into the specific security that is provided by the SEV-SNP architecture, the stronger threat model that it supports, and the new hardware structures and x86 instructions being added to implement these protections. Finally, this talk will discuss the impacts of these changes to the open source ecosystem and identify areas where Linux may desire to take advantage of these new protections.

Speakers

David Kaplan

Security Architect, Advanced Micro Devices
David Kaplan is a Fellow at AMD who focuses on developing new security technologies across the AMD product line as part of the Product Security Organization. He is the lead architect for the AMD encrypted virtualization features and has worked on both CPU and SOC level security features...



Friday November 1, 2019 14:20 - 15:05 CET
Forum 1
  Refereed Presentations

15:25 CET

Zephyr Project Security Status - David Brown, Linaro
In this talk, David Brown will give an overview of recent and ongoing work on security in the Zephyr Project. The Zephyr Project is a Linux Foundation hosted collaboration project, a real time embedded OS (RTOS) optimized for resource constrained devices. Areas covered will include the Core Infrastructure Initiative Best Practices, static analysis, various certifications, API design, and fuzzing.

Speakers

David Brown

Senior Engineer, Linaro
David Brown is a member of the Linaro IoT and Embedded Group (LITE), as well as the Security Working Group, and has worked on the Linux kernel, with a focus on security for a number of years. Recently, he has been focusing on security as it relates to IoT embedded devices, including...



Friday November 1, 2019 15:25 - 16:10 CET
Forum 1
  Refereed Presentations
  • Experience Level Any
  • Session Slides Included Yes

16:10 CET

Closing Remarks
Friday November 1, 2019 16:10 - 16:15 CET
Forum 1