JM
Uploaded byJames Morris
PDF, PPTX518 views

Kernel Security for 2.8 - Kernel Summit 2004

The document discusses the kernel security features present in the 2.6 Linux kernel and outlines potential future enhancements for version 2.7 and beyond. Key features include SELinux, audit frameworks, and integration with resource management and virtualization. Additionally, it suggests improvements such as signed modules, better capabilities, and expanded applications for Linux Security Modules (LSM).

Embed presentation

Download as PDF, PPTX
Kernel Security for 2.8 Linux Kernel Summit Ottawa 2004 James Morris, Red Hat
Current Status Several security features in 2.6: ● LSM ● Crypto API (software) ● Cryptoloop ● dm-crypt ● IPSec ● SELinux (MAC, RBAC) ● NX ● Audit Framework ● Syscall Auditing Discussion?
Potential Future Directions (2.7+) ● SELinux: ● MLS (multilevel security) ● Labeled networking ● Integration with resource management ● NFSv4 integration ● Virtualization: ● Increased isolation ● Polyinstantiation ● Hardware Crypto API ● Kernel keyring management ● More LSM applications? ● Continued refinement of Netfilter ● Signed modules (2.6?) ● Signed binaries ● Exec-shield (2.6?) ● TPM ● LT ● Better capabilities (Chris Wright) ● Separate out DAC (Chris Wright)

More Related Content

PPTX
Implementation of IPsec with PKI
bySukhpreet Singh
 
PPTX
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
byJames Bromberger
 
PDF
Configuring Site-to-Site VPN's on ASA Firewalls
byKelvin Charles
 
DOCX
Working Of Gridseeddata
byzoomhash
 
PDF
[WSO2Con Asia 2018] Talk Microservices to Me: The Role of IAM in Microservice...
byWSO2
 
PDF
Moby SIG Orchestration Security Summit Presentation
byDiogo Mónica
 
PDF
Accomplishments_Brief_20150330
byRyan Hsu
 
PDF
wolfSSL TLS 1.3 Support in 2018
bywolfSSL
 
Implementation of IPsec with PKI
bySukhpreet Singh
 
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
byJames Bromberger
 
Configuring Site-to-Site VPN's on ASA Firewalls
byKelvin Charles
 
Working Of Gridseeddata
byzoomhash
 
[WSO2Con Asia 2018] Talk Microservices to Me: The Role of IAM in Microservice...
byWSO2
 
Moby SIG Orchestration Security Summit Presentation
byDiogo Mónica
 
Accomplishments_Brief_20150330
byRyan Hsu
 
wolfSSL TLS 1.3 Support in 2018
bywolfSSL
 

What's hot

PDF
Securing Data in Transit -
bywolfSSL
 
PDF
micro-ROS: bringing ROS 2 to MCUs
byeProsima
 
PDF
Intro to sysdig in 15 minutes
bySysdig
 
PDF
Mikrotik Hotspot
byGLC Networks
 
PDF
Micro XRCE-DDS: Bringing DDS into microcontrollers
byeProsima
 
PDF
MQTT 101 - Getting started with the lightweight IoT Protocol
byChristian Götz
 
PDF
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
byDimitry Snezhkov
 
PDF
MTLS in a Microservices World
byDiogo Mónica
 
PDF
Mtcna outline
bysourmkn
 
PPT
MQTT security
byAnthony Chow
 
PPTX
Not petya business case
byAlexander Kravchenko
 
PPTX
Quic
byOmidEsmaelbeyg
 
PDF
.NET Cloud-Native Bootcamp Minneapolis
byVMware Tanzu
 
PDF
Container Security Mmanagement
bySuresh Thivanka Rupasinghe
 
PDF
Tech w22
bySelectedPresentations
 
DOCX
Working Of Gridseeddata
byzoomhash
 
PPTX
Microservices architecture presentation
byJoseph SHYIRAMBERE
 
PDF
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...
byNorth Texas Chapter of the ISSA
 
PDF
Linux Security, from Concept to Tooling
byMichael Boelen
 
PDF
platform without vendor lock-in
byKai Jokiniemi
 
Securing Data in Transit -
bywolfSSL
 
micro-ROS: bringing ROS 2 to MCUs
byeProsima
 
Intro to sysdig in 15 minutes
bySysdig
 
Mikrotik Hotspot
byGLC Networks
 
Micro XRCE-DDS: Bringing DDS into microcontrollers
byeProsima
 
MQTT 101 - Getting started with the lightweight IoT Protocol
byChristian Götz
 
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
byDimitry Snezhkov
 
MTLS in a Microservices World
byDiogo Mónica
 
Mtcna outline
bysourmkn
 
MQTT security
byAnthony Chow
 
Not petya business case
byAlexander Kravchenko
 
Quic
byOmidEsmaelbeyg
 
.NET Cloud-Native Bootcamp Minneapolis
byVMware Tanzu
 
Container Security Mmanagement
bySuresh Thivanka Rupasinghe
 
Tech w22
bySelectedPresentations
 
Working Of Gridseeddata
byzoomhash
 
Microservices architecture presentation
byJoseph SHYIRAMBERE
 
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...
byNorth Texas Chapter of the ISSA
 
Linux Security, from Concept to Tooling
byMichael Boelen
 
platform without vendor lock-in
byKai Jokiniemi
 

Viewers also liked

PDF
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
PDF
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 
PDF
From Topic to Presentation
byFabrício Faria
 
PPTX
Linux Security Overview
byKernel TLV
 
PPT
Kernal
byRamasubbu .P
 
PDF
sVirt: Hardening Linux Virtualization with Mandatory Access Control
byJames Morris
 
PDF
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
PPTX
About Smartphone
byAshraful Islam
 
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 
From Topic to Presentation
byFabrício Faria
 
Linux Security Overview
byKernel TLV
 
Kernal
byRamasubbu .P
 
sVirt: Hardening Linux Virtualization with Mandatory Access Control
byJames Morris
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
About Smartphone
byAshraful Islam
 

Similar to Kernel Security for 2.8 - Kernel Summit 2004

PDF
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
byShawn Wells
 
PDF
SELinux workshop
byjohseg
 
PDF
Remote security with Red Hat Enterprise Linux
byGiuseppe Paterno'
 
PDF
MR201406 A Re-introduction to SELinux
byFFRI, Inc.
 
PDF
SELinux Project Overview - Linux Foundation Japan Symposium 2008
byJames Morris
 
PPTX
Security Enhanced Linux Overview
byEmre Can Kucukoglu
 
PPTX
Selinux
byMohitgupta8560
 
PDF
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
byShawn Wells
 
PDF
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
byJames Morris
 
PDF
2008-03-06 Harris Corp Security Seminar
byShawn Wells
 
PDF
2008-10-15 Red Hat Deep Dive Sessions: SELinux
byShawn Wells
 
PDF
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
byJames Morris
 
PDF
The State of Security Enhanced Linux - FOSS.IN/2007
byJames Morris
 
PDF
Directions in SELinux Networking
byJames Morris
 
PDF
Linux Security Status on 2017
byKazuki Omo
 
PDF
Secure and Simple Sandboxing in SELinux
byJames Morris
 
PDF
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...
byrahulmonikasharma
 
PDF
Your First Guide to "secure Linux"
byToshiharu Harada, Ph.D
 
PDF
SELinux Johannesburg Linux User Group (JoziJUg)
byJumping Bean
 
PPTX
SELinux_@gnu_group_meetup
byJayant Chutke
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
byShawn Wells
 
SELinux workshop
byjohseg
 
Remote security with Red Hat Enterprise Linux
byGiuseppe Paterno'
 
MR201406 A Re-introduction to SELinux
byFFRI, Inc.
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
byJames Morris
 
Security Enhanced Linux Overview
byEmre Can Kucukoglu
 
Selinux
byMohitgupta8560
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
byShawn Wells
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
byJames Morris
 
2008-03-06 Harris Corp Security Seminar
byShawn Wells
 
2008-10-15 Red Hat Deep Dive Sessions: SELinux
byShawn Wells
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
byJames Morris
 
The State of Security Enhanced Linux - FOSS.IN/2007
byJames Morris
 
Directions in SELinux Networking
byJames Morris
 
Linux Security Status on 2017
byKazuki Omo
 
Secure and Simple Sandboxing in SELinux
byJames Morris
 
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...
byrahulmonikasharma
 
Your First Guide to "secure Linux"
byToshiharu Harada, Ph.D
 
SELinux Johannesburg Linux User Group (JoziJUg)
byJumping Bean
 
SELinux_@gnu_group_meetup
byJayant Chutke
 

More from James Morris

PDF
SELinux Kernel Internals and Architecture - FOSS.IN/2005
byJames Morris
 
PDF
Adding Extended Attribute Support to NFS
byJames Morris
 
PDF
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
byJames Morris
 
PDF
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
byJames Morris
 
PDF
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
byJames Morris
 
PDF
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
byJames Morris
 
PDF
OLPC Networking Overview
byJames Morris
 
PDF
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
byJames Morris
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
byJames Morris
 
Adding Extended Attribute Support to NFS
byJames Morris
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
byJames Morris
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
byJames Morris
 
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
byJames Morris
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
byJames Morris
 
OLPC Networking Overview
byJames Morris
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
byJames Morris
 

Recently uploaded

PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PDF
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
PDF
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
PPTX
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PDF
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
PPTX
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PDF
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
PDF
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
PDF
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
PPTX
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 

Kernel Security for 2.8 - Kernel Summit 2004

  • 1.
    Kernel Security for2.8 Linux Kernel Summit Ottawa 2004 James Morris, Red Hat
  • 2.
    Current Status Several securityfeatures in 2.6: ● LSM ● Crypto API (software) ● Cryptoloop ● dm-crypt ● IPSec ● SELinux (MAC, RBAC) ● NX ● Audit Framework ● Syscall Auditing Discussion?
  • 3.
    Potential Future Directions(2.7+) ● SELinux: ● MLS (multilevel security) ● Labeled networking ● Integration with resource management ● NFSv4 integration ● Virtualization: ● Increased isolation ● Polyinstantiation ● Hardware Crypto API ● Kernel keyring management ● More LSM applications? ● Continued refinement of Netfilter ● Signed modules (2.6?) ● Signed binaries ● Exec-shield (2.6?) ● TPM ● LT ● Better capabilities (Chris Wright) ● Separate out DAC (Chris Wright)