Better IPSec Security Association Resolution - Netconf 2006 Tokyo

VTI の中身

Masakazu Asama

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

Alex Amies

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Secure and Simple Sandboxing in SELinux

The networking industry has made good progress in the last few years on developing programmable interfaces and protocols for the control plane to enable a more dynamic and efficient infrastructure. Despite this progress, some parts of networking risk being left behind, most notably network management and configuration. The state-of-the-art in network management remains relegated to proprietary device interfaces (e.g., CLIs), imperative, incremental configuration, and lack of meaningful abstractions. We propose a framework for network configuration guided by software-defined networking principles, with a focus on developing common models of network devices, and common languages to describe network structure and policies. We also propose a publish/subscribe framework for next generation network telemetry, focused on streaming structured data from network elements themselves.

SDN in the Management Plane: OpenConfig and Streaming Telemetry

Anees Shaikh

In his previous talk, Paul talked about getting your system to work with SELinux. This involved setting the security on your files and directories so that they worked with SELinux. However, many people have customised their Linux installs and want SELinux to do what they say, not the other way around. Sysadmins in particular are not 'run of the mill' users, and they have different requirements to what typically comes out of the box. Situations such as serving web pages from NFS shares or non-standard directories, or installing applications in custom locations, need specialised configuration of SELinux in order to make it work with your needs. This talk will deal with those situations. Fortunately for Sysadmins, much of the work in developing SELinux policies for Linux has focussed on their requirements. Paul will show you a few of the things behind the scenes that make your job as a Sysadmin much easier and safer with SELinux.

Slug 2009 06 SELinux For Sysadmins

PaulWay

Much has been written on SELinux, and a lot of it seems confusing. It's buzzword heavy, involves locking your computer up, has a strange new set of permissions that are obscure in architecture and silently fails where things used to just work. Why use it? Well, for most people, it's not actually that hard to understand. In this talk, Paul Wayper talks about how to make sense of what SELinux does, and how to keep it out of the way and get on with using your computer. In the process Paul will deal with the background to SELinux, what it's main aims are, and why you really do want it turned on.

SELinux for Everyday Users

PaulWay

Viewers also liked (8)

Directions in SELinux Networking

VTI の中身

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Secure and Simple Sandboxing in SELinux

SDN in the Management Plane: OpenConfig and Streaming Telemetry

Slug 2009 06 SELinux For Sysadmins

SELinux for Everyday Users

Similar to Better IPSec Security Association Resolution - Netconf 2006 Tokyo

One Year of Porting - Post-mortem of two Linux/SteamOS launches

Leszek Godlewski

Anatomy of neutron from the eagle eyes of troubelshoorters

Sadique Puthen

Single Packet Authorization - Slides English

Leandro Almeida

Webinar topic: Layer 7 Firewall on Mikrotik Presenter: Achmad Mardiansyah In this webinar series, We are discussing Network Security with Mikrotik Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback Check our schedule for future events: https://www.glcnetworks.com/en/schedule/ Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram Recording is available on Youtube https://youtu.be/Z0Akaksp0DA

Layer 7 Firewall on Mikrotik

GLC Networks

Linux Network Stack

Adrien Mahieux

Fast dynamic analysis, Kostya Serebryany

yaevents

20 мая 2011, научный семинар Константин Серебряный "Быстрый динамичекский анализ программ на примере поиска гонок (data races)" Доклад посвящен динамическому анализу программ и, в частности, поиску гонок (data races). В рамках семинара будут рассмотрены следующие темы: • Динамический анализ программ. Введение в теорию поиска гонок. Анализ потока событий программы. Требования по производительности. • Базовый алгоритм инструмента ThreadSanitizer. Анализ производительности или почему алгоритм медленный? • Ускорение и параллелизация базового алгоритма ThreadSanitizer. • War stories: опыт внедрения регулярного тестирования для поиска гонок в Google Russia.

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

Yandex

cachegrand is what happens when you throw in a mix a SIMD-accelerated hashtable — capable of performing parallel GET operations without locks or busy-wait loops (e.g. atomic operations) — with fibers, io_uring, your own I/O library, your own memory allocator, and an in-memory & on-disk time series database! Written in C, built from scratch, natively modular - currently working on Redis compatibility — it's a platform that can deliver very high QPS with low latencies for caching and data streaming with the door open to supporting business logic in Rust & WebAssembly down the line. This session will focus on developing techniques and OS components used highlighting how they can provide an extra boost to your platforms, no matter the programming language.

cachegrand: A Take on High Performance Caching

ScyllaDB

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

edlangley

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

Roger Zhou 周志强

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

HostedGraphite

Implementing efficient spinlocks in userspace is not possible yet in Linux, even after years of different approaches and proposed solutions.The main gap to achieve it is the lack of ABI providing an easy and low-overhead way to check if the current lock holder is running or not. In this session, we are going to present the problem, and to propose a solution for it using the restartable sequences infrastructure as means to expose the thread state to userspace in a cheap way, without requiring system calls. RFC: https://lore.kernel.org/lkml/20230529191416.53955-1-mathieu.desnoyers@efficios.com/ (c) Linux Plumbers Conference 2023 15-15 Nov Omni Richmond Hotel, Richmond, VA (US) https://lpc.events/event/17/page/198-lpc-2023-overview

Userspace adaptive spinlocks with rseq

Igalia

Memory model

MingdongLiao

This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing. Some fuzzers are blackbox while others are protocol aware. Even ones which are made protocol aware, fuzzer writers typically model the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware, it does not guarantee that sufficient code paths have been reached. The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions untill it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

Alexandre Moneger

Performance optimization techniques for Java code

Attila Balazs

pfSense 2.2 Preview - pfSense Hangout November 2014

Netgate

Snap - the universal packaging format for linux distros

Anthony Wong

Ceph Day Melbourne - Troubleshooting Ceph

Ceph Community

BlackHat 2009 - Hacking Zigbee Chips (slides)

Michael Smith

Streaming huge databases using logical decoding

Alexander Shulgin

Similar to Better IPSec Security Association Resolution - Netconf 2006 Tokyo (20)

One Year of Porting - Post-mortem of two Linux/SteamOS launches

Anatomy of neutron from the eagle eyes of troubelshoorters

Single Packet Authorization - Slides English

Layer 7 Firewall on Mikrotik

Linux Network Stack

Fast dynamic analysis, Kostya Serebryany

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

cachegrand: A Take on High Performance Caching

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

Userspace adaptive spinlocks with rseq

Memory model

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

Performance optimization techniques for Java code

pfSense 2.2 Preview - pfSense Hangout November 2014

Snap - the universal packaging format for linux distros

Ceph Day Melbourne - Troubleshooting Ceph

BlackHat 2009 - Hacking Zigbee Chips (slides)

Streaming huge databases using logical decoding

More from James Morris

Unix was not designed with security primarily in mind. It was initially developed in the late 1960s -- before the Internet was invented. While relatively simple, the Unix security model is inadequate for protecting against common security threats. Its designers identified fundamental design flaws over thirty years ago. As Linux is modeled on Unix, it inherits this traditional Unix security model. Meeting modern security requirements has required significant enhancements to Linux, which are ongoing, but well-advanced. While many new security ideas have emerged, Linux developers have necessarily been constrained by decades of operating system standards and conventions. Aimed at admins, developers and technical managers, the talk will cover: * The historical context of Linux security * Modern security OS requirements * How these requirements are being addressed (or not) by various enhancements made to Linux security * Areas of ongoing and future work. We'll also consider how FOSS culture contributes to security.

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Adding Extended Attribute Support to NFS

Linux Kernel Security Overview - KCA 2009

sVirt: Hardening Linux Virtualization with Mandatory Access Control

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

OLPC Networking Overview

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Kernel Security for 2.8 - Kernel Summit 2004

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

More from James Morris (12)

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Adding Extended Attribute Support to NFS

Linux Kernel Security Overview - KCA 2009

sVirt: Hardening Linux Virtualization with Mandatory Access Control

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

OLPC Networking Overview

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Kernel Security for 2.8 - Kernel Summit 2004

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Recently uploaded

Demystifying gRPC in .Net by John Staveley

John Staveley

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Bits & Pixels using AI for Good.........

Alison B. Lowndes

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

How world-class product teams are winning in the AI era by CEO and Founder, P...

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Speed Wins: From Kafka to APIs in Minutes

confluent

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

IoT Analytics Company Presentation May 2024

IoTAnalytics

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance Osaka Seminar: Overview.pdf

НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»

QADay

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...