September 14-15, 2017 - Los Angeles, CA
Click Here For Information & Registration

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Conference Session [clear filter]
Thursday, September 14


ARMv8.3 Pointer Authentication - Mark Rutland, ARM Ltd.
ARMv8.3 adds a hardware-assisted mechanism to detect illicit modification of pointer values, which can mitigate attacks against control flow such as ROP and JOP.

The pointer authentication adds new instructions to sign and authenticate pointers using a Pointer Authentication Code (PAC). These instructions are simple to integrate into compilers and JITs while also being backwards compatible, enabling protected code to function on hardware where the feature is not available.

This presentation will provide an overview of the extension, the use thereof, and Linux enablement.

avatar for Mark Rutland

Mark Rutland

Kernel Engineer, ARM
Mark Rutland is a kernel developer at ARM Ltd, based in Cambridge, UK. Mark contributes to the arm and arm64 ports, working on boot infrastructure, firmware interfaces (e.g. ACPI, DT, PSCI, UEFI), and architectural security features. Along with others he co-maintains Device Tree bindings... Read More →

Thursday September 14, 2017 9:05am - 9:50am
Gold 4


Defeating Invisible Enemies: Firmware Based Security in the OpenPOWER Platform - George Wilson, IBM
Adversaries mount attacks at all layers of the system stack including — to an increasing extent — firmware and kernel. Platform-level intrusion is a threat that academic papers have extensively described, researchers have demonstrated is real, and recent Wikileaks revelations have documented is pervasive. Technologies such as Trusted Computing and code signing are able to detect bootkits and rootkits and help prevent systems from executing these persistent and often invisible exploits. This talk discusses the motivation, design, and implementation of new Trusted Boot and Secure Boot features that bring strong firmware based protections to OpenPOWER systems.

avatar for George Wilson

George Wilson

Security Architect, LTC, IBM
George Wilson is a security architect and security development team lead in IBM's Linux Technology Center. Since joining the LTC in 2004, he has led IBM's Linux security certifications and continued development and product exploitation of open source security technology including... Read More →

Thursday September 14, 2017 9:50am - 10:35am
Gold 4


Landlock LSM: Toward Unprivileged Sandboxing - Mickaël Salaün, Developer
Linux has multiple access-control systems that can help containing malicious processes. However, it may be difficult and inefficient, especially for unprivileged users, to create a sandboxed application because of the currently administrator-oriented security. Unlike XNU Sandbox (macOS, iOS), Capsicum (FreeBSD) or Pledge (OpenBSD), seccomp-bpf lacks the ability to create a full standalone sandbox (e.g. restrict access to a set of files).

In this talk, we present a new LSM called Landlock. Its final aim is to enable unprivileged users to isolate their processes following the principle of least privilege. To achieve this goal, Landlock leverages eBPF to create flexible access-control rules. Thanks to multiple reviews, Landlock is getting closer to upstream, while gaining interest from the hardening and the container communities.


Mickaël Salaün

Security Engineer, ANSSI
Mickaël Salaün is a security researcher, software developer and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He works on system hardening and has built security sandboxes (e.g. StemJail) before hacking... Read More →

Thursday September 14, 2017 10:45am - 11:30am
Gold 4


The State of Kernel Self-Protection - Kees Cook, Google
The Kernel Self-Protection Project focuses on addressing gaps in Linux's defensive technologies. With Linux reaching into every corner of modern life, and userspace frequently being very locked-down, the kernel has become an ever-increasing target for attackers and much more needs to be done to harden the kernel so it can protect itself. A quick overview will be shown of what we're trying to protect Linux against, as well as the state of the art in available technologies. Also presented will be a summary of the last year's participation by many people over a wide range of technologies, with a review of KSPP attempts, accomplishments, active efforts, and an examination of future projects and goals.

avatar for Kees Cook

Kees Cook

Security Engineer, Google
Kees Cook has been working with Free Software since 1994, and has been a Debian Developer since 2007. He is currently employed as a Linux kernel security engineer by Google, working on Android and and Chrome OS. From 2006 through 2011 he worked for Canonical as the Ubuntu Security... Read More →

Thursday September 14, 2017 11:30am - 12:15pm
Gold 4


Confessions of a Security Hardware Driver Maintainer - Gilad Ben-Yossef, ARM
System security is a big challenge faced by all of everyone these days and Linux has a considerable array of built-in security mechanisms and sub-systems. However, system security is determined not by a single component but by the overall security of the software and the hardware as an integrated unit and how well the two are integrated together. A hardware capability which has the potential to increase system security will only do so if the software makes good use of it. This talk will describe the work the author is doing in driving better integration between hardware security provider components and the relevant Linux subsystems – from verified boot and root of trust services, via better storage security via DM-Crypt and DM-Verity to key management and TEE integration and how the kernel can evolve to offer better generic support of hardware capabilities in this area.

avatar for Gilad Ben-Yossef

Gilad Ben-Yossef

Principal Software Engineer, Arm
Gilad Ben-Yossef is a principal software engineer working at Arm on upstream kernel security at large and Arm CryptCell engine support in particular. Gilad is the co-author of O’Reilly’s “Building Embedded Linux Systems” 2nd edition, co-founder of the Israeli FOSS NGO "HaMakor... Read More →

Thursday September 14, 2017 1:45pm - 2:30pm
Gold 4
  • Experience Level Any


CII Best Practices Badge, 1.5 Years Later - David Wheeler, IDA
OSS is critical in the world today. However, OSS projects do not always follow best practices, leading to dangerous security vulnerabilities. To address this, in 2016 the Core Infrastructure Initiative (CII) established a "best practices badge" program, which created "best practices" criteria and a process so OSS projects could get a badge for meeting these criteria. This incentivizes projects to apply best practices and helps users identify projects using best practices.

This presentation will discuss the current status of the badging program. It will highlight recent changes, including the new criteria for the new “higher-level” silver and gold badges. It will also discuss the projects with badges, security improvements projects have made to get the badge, some interesting ways that projects have met the criteria, and the criteria most missed today.


David A. Wheeler

Research Staff Member, IDA
Dr. David A. Wheeler is an expert on developing secure software and on open source software (OSS) development. He wrote the book "Secure Programming HOWTO" on how to develop secure software, and his work on countering malicious tools ("Fully Countering Trusting Trust through Diverse... Read More →

Thursday September 14, 2017 2:30pm - 3:15pm
Gold 4
Friday, September 15


Hatching Security: LinuxKit as Security Incubator -Tycho Andersen & Riyaz Faizullabhoy, Docker
The host operating system and kernel are natural targets on machines which host containers, hostile or otherwise. In this talk we’ll discuss a new open source project called LinuxKit — which is part of the open source Moby Project, and led by Docker. LinuxKit is a tool for building Linux subsystems specifically designed to securely host containers. We’re making design decisions specific to our use case: read only host rootfs, small non-modularized config with most things disabled, etc.

We are actively working on upstreaming kernel features (e.g. teaching IMA about namespaces, so it can be sensibly used by containers), and incubating other projects such as WireGuard, Landlock, and HPE’s okernel separation project. Additionally, we are interested collaborating on kernel hardening patches, and are interested in finding other collaboration opportunities at LSS.


Tycho Andersen

Software Engineer, Docker, Inc
Tycho is an engineer at Docker working on LinuxKit, a toolkit for building container-focused host operating systems out of Linux. In his spare time he rides bikes and does improv comedy. Tycho has been fortunate to speak at a number of industry conferences including linux.conf.au... Read More →
avatar for Riyaz Faizullabhoy

Riyaz Faizullabhoy

Security Engineer, Docker
Security Engineer @ Docker. Current maintainer of LinuxKit and Notary. Previously spoken at LinuxCon NA, ContainerCon EU, a top-voted session at DockerCon 2017, Docker meetups, and led the DockerCon security workshop.

Friday September 15, 2017 9:00am - 9:45am
Gold 4


Running Linux in a Shielded VM - Michael Kelley, Microsoft
As enterprise server workloads move from physical hardware to virtual machines, the data they contain is at greater risk of being misused or stolen. Sysadmins, or outside attackers who gain access to the hypervisor, can easily copy virtual disks for offline cracking or glean secrets from the memory allocated to the VM, even if they have no access to the VM itself. To provide greater protection for the data in VMs, Microsoft’s Hyper-V hypervisor introduces “shielded VMs”. Shielded VMs have a range of protections that make it much harder for attackers or insiders to access data inside the VM. In this presentation, Michael Kelley will describe shielded VMs and work Microsoft has done with Linux to make it run in a shielded VM. This work includes the changes made to the Linux boot path, the use of dm-crypt, and the creation of templates from which multiple Linux shielded VMs can be deployed.

avatar for Michael Kelley

Michael Kelley

Principal PM Manager, Microsoft
Michael Kelley is a Principal Software Engineer in Microsoft’s Enterprise Open Source Group, working on Linux in Hyper-V, the Azure public cloud, and Azure Stack. He is currently working on Linux on ARM64 hardware and on Linux running in a Hyper-V Shielded VM. Michael has been a... Read More →

Friday September 15, 2017 9:45am - 10:30am
Gold 4


Keys Subsystem - Dave Howells, Red Hat

Friday September 15, 2017 10:40am - 11:25am
Gold 4


Protecting VM Register State with AMD SEV-ES - David Kaplan, AMD
At LSS 2016, the AMD Secure Encrypted Virtualization (SEV) feature was discussed, which enabled encryption of a VM memory space to protect it from the hypervisor. In this talk, David Kaplan will present the new SEV with Encrypted State (SEV-ES) feature which can further protect VMs by protecting the VM guest register state during world switches. The SEV-ES feature protects against register state leakage and control flow manipulation by the hypervisor by encrypting guest register state and creating a new x86 exception for handling virtualization intercepts.

In addition to presenting the hardware functionality of SEV-ES, this talk will discuss the status of Linux/KVM enablement of both the SEV and SEV-ES features and provide code pointers for anyone interested in playing with these technologies.

avatar for David Kaplan

David Kaplan

Security Architect, Advanced Micro Devices, Inc.
David Kaplan is a Fellow at AMD who focuses on developing new security technologies across the AMD product line as part of the Security Architecture Research and Development Center. He is the lead architect for the AMD memory encryption features and has worked on both CPU and SOC... Read More →

Friday September 15, 2017 11:25am - 12:10pm
Gold 4


Proposal of a Method to Prevent Privilege Escalation Attacks for Linux Kernel - Yuichi Nakamura, Hitachi,Ltd & Toshihiro Yamauchi, Okayama University
In many Linux kernel exploits, attackers aim to escalate privilege (obtain uid=0) via vulnerabilities of system calls. In this presentation, we propose a method to prevent privilege escalation attacks. The basic design, implementation, evaluation results and limitations are discussed.

Our method focusses on the feature that privileges of process is changed only in particular system call processing, and monitors the changes of privileges by each system call to prevent privilege escalation attacks. The watched privileges include not only those related to DAC(such as uid), but also includes important valuables of MAC system such as SELinux (e.g: selinux_enforcing). The method is implemented as a patch for Linux kernel and evaluated. It is found that privilege escalation can be prevented in real vulnerabilities, and the performance overhead is pretty small.


Yuichi Nakamura

Senior Engineer, Hitachi,Ltd
Yuichi Nakamura works for Open Source Solution Center at Hitachi,Ltd, and is responsible for security solution. He received a PhD degree from Okayama University about a study including SELinux policy development. He gave presentations in many OSS events such as OLS and ELC. He also... Read More →

Toshihiro Yamauchi

Associate Professor, Okayama University
Toshihiro Yamauchi is an associate professor at Okayama University. His research interests include operating systems and computer security.

Friday September 15, 2017 1:40pm - 2:25pm
Gold 4


SELinux in Android O: Separating Policy to Allow for Independent Updates - Daniel Cashman, Google
SELinux has provided Android with a mandatory access control (MAC) system that has enabled a centralized representation of Android's security model that covers every part of the system. In Android O, project treble (https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html) presented a fundamental re-architecting of Android by separating the ownership of the core Android framework from vendor hardware implementation to enable independent updates.

This talk discusses changes to Android's SELinux infrastructure and policy maintenance to allow for such policy modularization. This includes the creation of an SELinux API and versioning scheme, the incorporation of CIL, and move to on-device policy creation, in addition to policy changes for the release.


Daniel Cashman

I am a software engineer at Google currently working on the Android Platform Security team and am one of the primary SELinux on Android maintainers. No previous conference speaking experience.

Friday September 15, 2017 2:25pm - 3:10pm
Gold 4


Securing Automated Decryption - Nathaniel McCallum, Red Hat
Keeping secrets is tough. It is hard enough when you have control over the full computing chain. But now we are expected to keep secrets while storing those secrets in cloud and SaaS infrastructures. At least we can trust the network providers, right? Of course, the answer is to encrypt the data. But then how do we know who should have access to the data and when?

This talk will look at the new strategies and cryptographic techniques implemented by the Clevis (client) and Tang (server) open source projects. Tang aims to be a replacement for key escrows, using simple algorithms to bind data to third party entities. Clevis is a decryption automation framework which permits sophisticated unlocking policies that go beyond password management.


Nathaniel McCallum

Red Hat
Nathaniel McCallum is a Principal Software Engineer at Red Hat where he develops security related technologies. | | If you're looking for someone to blame for software projects such as FreeOTP, José, Clevis and Tang, Nathaniel is the guy. He also regularly breaks projects such... Read More →

Friday September 15, 2017 4:30pm - 5:15pm
Gold 4