Linux Security Status on 2017
Report
Kazuki OmoFollow
Oct. 19, 2017•0 likes•548 views
0 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Check these out next
Linux Security Status on 2017
Oct. 19, 2017•0 likes•548 views
0 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
Presentation Material for openSUSE.Asia
Kazuki OmoFollow
Recommended
IWMW 1999: Web SIte SecurityIWMW
How to install OpenStack MITAKA --allinone - cheat sheet -Naoto MATSUMOTO
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
RabbitMQ Server - cheat sheet -Naoto MATSUMOTO
MQTTS mosquitto - cheat sheet -Naoto MATSUMOTO
Slides null puliya linux basicsAnant Shrivastava
Linux Security Status on 2017
- Linux Security 2017 status and AppArmor info. Kazuki Omo( 面 和毅 ): ka-omo@sios.com Secure OSS Sig. : http://www.secureoss.jp
- 2 Who am I ? - Security Researcher/Engineer (17 years) - SELinux/MAC Evangelist (12 years) - Antivirus Engineer (3 years) - SIEM Engineer (3 years) - Linux Engineer (17 years)
- 3 Agenda - Current Linux Security Trend - Update for AppArmor
- Current Linux Security Status
- 5 Current Linux Security Status No one is talking about these Anymore!! In Japan OSS env... - How to enforce user to enable SELinux/AppArmor. - Why SELinux is better than AppArmor. - Why you need to enable SELinux/AppArmor….
- 6 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- Chipset
- 8 ARM Protect against illicit modification of pointers
- 9 ARM
- 10 AMD Encrypt for truly separate each VMs.
- 11 AMD Performance degrade is negligible.
- 12 AMD Separate HostOS and GuestOS
- 13 TPM2 Support Trusted Boot / Integrity Mgmt / Log for analyze
- 14 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- Kernel (Hardening)
- 16 Kernel Hardening
- 17 Kernel Self Protection
- 18 Kernel Self Protection
- 19 Kernel Self Protection Discussion for Stack Clash jump Stack Stack guard
- 20 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- Android (Environment)
- 22 ARM Use Secure boot for integrity check.
- 23 Google Android: default(hash for integrity check.)
- 24 SELinux in Android Oreo
- 25 SE-Android SELinux is “already working” on Android. Mitigating
- 26 SE-Android Now they are focusing how to easy to maintain.
- 27 SE-Android Now they are focusing how to easy to maintain.
- 28 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- MAC, Attack Surface Reducing, etc.
- 30 Access Control Pre: Docker(CentOS) → SELinux Enabled Docker(AppArmor) → AppArmor Enabled Disable SELinux? Disable AppArmor?
- 31 Container A Host OS Access Control (Stackable LSM) Container B Container C How to Mix them. → Stackable Container/Cloud: Host Env is given by Host-Admin.
- 32 Attack Surface Reducing seccomp System call filtering
- AppArmor Updates
- 34 AppArmor Updates Stacking LSM / containers
- 35 AppArmor Updates Policy Namespaces & Stacking
- Conclusion
- 37 Conclusion - Linux Security is still growthing. - Not so much information in Japan. - We will keep to watching/spreading/contributing.
- 38 Any Questinos?
- 39 Thank You!!!