Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

0

Share

Download to read offline

Linux Security Status on 2017

Download to read offline

Presentation Material for openSUSE.Asia

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

Linux Security Status on 2017

  1. 1. Linux Security 2017 status and AppArmor info. Kazuki Omo( 面 和毅 ): ka-omo@sios.com Secure OSS Sig. : http://www.secureoss.jp
  2. 2. 2 Who am I ? - Security Researcher/Engineer (17 years) - SELinux/MAC Evangelist (12 years) - Antivirus Engineer (3 years) - SIEM Engineer (3 years) - Linux Engineer (17 years)
  3. 3. 3 Agenda - Current Linux Security Trend - Update for AppArmor
  4. 4. Current Linux Security Status
  5. 5. 5 Current Linux Security Status No one is talking about these Anymore!! In Japan OSS env... - How to enforce user to enable SELinux/AppArmor. - Why SELinux is better than AppArmor. - Why you need to enable SELinux/AppArmor….
  6. 6. 6 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
  7. 7. Chipset
  8. 8. 8 ARM Protect against illicit modification of pointers
  9. 9. 9 ARM
  10. 10. 10 AMD Encrypt for truly separate each VMs.
  11. 11. 11 AMD Performance degrade is negligible.
  12. 12. 12 AMD Separate HostOS and GuestOS
  13. 13. 13 TPM2 Support Trusted Boot / Integrity Mgmt / Log for analyze
  14. 14. 14 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
  15. 15. Kernel (Hardening)
  16. 16. 16 Kernel Hardening
  17. 17. 17 Kernel Self Protection
  18. 18. 18 Kernel Self Protection
  19. 19. 19 Kernel Self Protection Discussion for Stack Clash jump Stack Stack guard
  20. 20. 20 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
  21. 21. Android (Environment)
  22. 22. 22 ARM Use Secure boot for integrity check.
  23. 23. 23 Google Android: default(hash for integrity check.)
  24. 24. 24 SELinux in Android Oreo
  25. 25. 25 SE-Android SELinux is “already working” on Android. Mitigating
  26. 26. 26 SE-Android Now they are focusing how to easy to maintain.
  27. 27. 27 SE-Android Now they are focusing how to easy to maintain.
  28. 28. 28 Current Typical Linux Security Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
  29. 29. MAC, Attack Surface Reducing, etc.
  30. 30. 30 Access Control Pre: Docker(CentOS) → SELinux Enabled Docker(AppArmor) → AppArmor Enabled Disable SELinux? Disable AppArmor?
  31. 31. 31 Container A Host OS Access Control (Stackable LSM) Container B Container C How to Mix them. → Stackable Container/Cloud: Host Env is given by Host-Admin.
  32. 32. 32 Attack Surface Reducing seccomp System call filtering
  33. 33. AppArmor Updates
  34. 34. 34 AppArmor Updates Stacking LSM / containers
  35. 35. 35 AppArmor Updates Policy Namespaces & Stacking
  36. 36. Conclusion
  37. 37. 37 Conclusion - Linux Security is still growthing. - Not so much information in Japan. - We will keep to watching/spreading/contributing.
  38. 38. 38 Any Questinos?
  39. 39. 39 Thank You!!!

Presentation Material for openSUSE.Asia

Views

Total views

499

On Slideshare

0

From embeds

0

Number of embeds

85

Actions

Downloads

7

Shares

0

Comments

0

Likes

0

×