Name: Landlock LSM: Toward Unprivileged Sandboxing - Mickaël Salaün, Developer
Start: 2017-09-14T10:45:00-0700
End: 2017-09-14T11:30:00-0700

September 14-15, 2017 - Los Angeles, CA
Click Here For Information & Registration

Back To Schedule

Landlock LSM: Toward Unprivileged Sandboxing - Mickaël Salaün, Developer

Feedback form is now closed.

Linux has multiple access-control systems that can help containing malicious processes. However, it may be difficult and inefficient, especially for unprivileged users, to create a sandboxed application because of the currently administrator-oriented security. Unlike XNU Sandbox (macOS, iOS), Capsicum (FreeBSD) or Pledge (OpenBSD), seccomp-bpf lacks the ability to create a full standalone sandbox (e.g. restrict access to a set of files).

In this talk, we present a new LSM called Landlock. Its final aim is to enable unprivileged users to isolate their processes following the principle of least privilege. To achieve this goal, Landlock leverages eBPF to create flexible access-control rules. Thanks to multiple reviews, Landlock is getting closer to upstream, while gaining interest from the hardening and the container communities.

Speakers

Mickaël Salaün

Security Engineer, ANSSI

Mickaël Salaün is a security researcher, software developer and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He works on system hardening and has built security sandboxes (e.g. StemJail) before hacking... Read More →

Thursday September 14, 2017 10:45am - 11:30am PDT
Gold 4

Conference Session

Experience Level Intermediate

Linux Security Summit North America 2017

Mickaël Salaün

Attendees (23)

Linux Security Summit North America 2017

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Mickaël Salaün

Attendees (23)