Kernel TLV, profile picture
Uploaded byKernel TLV
PDF, PPTX549 views

Present Absence of Linux Filesystem Security

The document discusses the challenges and gaps in Linux filesystem security, highlighting issues such as the context of operations, unusual operations, and destructive actions. It outlines fundamental security concepts like permissions and capabilities while noting the limitations of existing solutions. Recommendations for addressing these issues are suggested, inviting further contact for detailed discussions.

Embed presentation

Download as PDF, PPTX
Present Absence of Linux Filesystem Security Philip Derbeko January, 2018
About Me (philip@ensilo.com)
Present Absence A character who does not appear for much of, if not all the plot, but whose presence is nevertheless felt. More accurately, the absence of the character is most significant.
Recap of FS Security
Recap of FS Security
Recap of FS Security
Recap of FS Security
Recap of FS Security
Recap of FS Security
Recap of FS Security 1. Read/Write/Execute 2. Inheritance 3. Only “Allow” permissions
Recap of FS Security
Recap of FS Security
Privacy vs. Security
The “Root” of the problem Permanent link to this comic: https://xkcd.com/149/
Capabilities Anyone?
Capabilities Anyone?
LSM to the rescue ??? Issues: - Not mandatory - Single active module - Kernel compilation - Limited Hooks
3 Security Gaps 1.Context of operations 2.Weird Operations 3.Destructive Operations
Context of operations
Do you really know what is going on?
Do you really know what is going on?
Context of Operations
Weird Operations
Weird Operations
Weird Operations
Weird Operations
Destructive Operations
Destructive Operations
Destructive Operations KillDisk – encryption loop
Destructive Operations Encoder – encryption loop
Destructive Operations
Destructive Operations – ShieldFS assumptions/findings 1. # of folder listing operations 2. # of read files 3. # of written files 4. # of renamed or moved files 5. # of accessed files 6. Average entropy of file-write operations
Solution ?
contact@enSilo.com www.ensilo.com company/enSilo @enSiloSec Thank You
Weird Operations

More Related Content

PDF
SGX Trusted Execution Environment
byKernel TLV
 
PDF
Fun with FUSE
byKernel TLV
 
PPTX
Bypassing ASLR Exploiting CVE 2015-7545
byKernel TLV
 
PDF
OpenWrt From Top to Bottom
byKernel TLV
 
PDF
Make Your Containers Faster: Linux Container Performance Tools
byKernel TLV
 
PDF
DPDK In Depth
byKernel TLV
 
PPTX
Kernel Proc Connector and Containers
byKernel TLV
 
PDF
Building Network Functions with eBPF & BCC
byKernel TLV
 
SGX Trusted Execution Environment
byKernel TLV
 
Fun with FUSE
byKernel TLV
 
Bypassing ASLR Exploiting CVE 2015-7545
byKernel TLV
 
OpenWrt From Top to Bottom
byKernel TLV
 
Make Your Containers Faster: Linux Container Performance Tools
byKernel TLV
 
DPDK In Depth
byKernel TLV
 
Kernel Proc Connector and Containers
byKernel TLV
 
Building Network Functions with eBPF & BCC
byKernel TLV
 

More from Kernel TLV

PDF
FreeBSD and Drivers
byKernel TLV
 
PDF
File Systems: Why, How and Where
byKernel TLV
 
PDF
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
byKernel TLV
 
PPTX
grsecurity and PaX
byKernel TLV
 
PDF
Userfaultfd and Post-Copy Migration
byKernel TLV
 
PDF
Specializing the Data Path - Hooking into the Linux Network Stack
byKernel TLV
 
PDF
The Linux Block Layer - Built for Fast Storage
byKernel TLV
 
PPTX
Introduction to DPDK
byKernel TLV
 
PPTX
Linux Interrupts
byKernel TLV
 
PDF
VLANs in the Linux Kernel
byKernel TLV
 
PDF
Linux Kernel Cryptographic API and Use Cases
byKernel TLV
 
PPTX
Windows Internals for Linux Kernel Developers
byKernel TLV
 
PDF
Switchdev - No More SDK
byKernel TLV
 
PDF
Userfaultfd: Current Features, Limitations and Future Development
byKernel TLV
 
PPTX
DMA Survival Guide
byKernel TLV
 
PDF
Fun with Network Interfaces
byKernel TLV
 
PDF
netfilter and iptables
byKernel TLV
 
PPSX
FD.IO Vector Packet Processing
byKernel TLV
 
PPTX
WiFi and the Beast
byKernel TLV
 
PDF
KernelTLV Speaker Guidelines
byKernel TLV
 
FreeBSD and Drivers
byKernel TLV
 
File Systems: Why, How and Where
byKernel TLV
 
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
byKernel TLV
 
grsecurity and PaX
byKernel TLV
 
Userfaultfd and Post-Copy Migration
byKernel TLV
 
Specializing the Data Path - Hooking into the Linux Network Stack
byKernel TLV
 
The Linux Block Layer - Built for Fast Storage
byKernel TLV
 
Introduction to DPDK
byKernel TLV
 
Linux Interrupts
byKernel TLV
 
VLANs in the Linux Kernel
byKernel TLV
 
Linux Kernel Cryptographic API and Use Cases
byKernel TLV
 
Windows Internals for Linux Kernel Developers
byKernel TLV
 
Switchdev - No More SDK
byKernel TLV
 
Userfaultfd: Current Features, Limitations and Future Development
byKernel TLV
 
DMA Survival Guide
byKernel TLV
 
Fun with Network Interfaces
byKernel TLV
 
netfilter and iptables
byKernel TLV
 
FD.IO Vector Packet Processing
byKernel TLV
 
WiFi and the Beast
byKernel TLV
 
KernelTLV Speaker Guidelines
byKernel TLV
 

Recently uploaded

PDF
AI in Odoo 19: Driving Business Growth in 2025
byEnvertis Software Solutions
 
PDF
First Semester BCA Fundamentals of Computers – Solved Question Paper (Kuvempu...
byKuvempu University
 
PDF
Core PHP vs Laravel Which is Better for Backend Development.pdf
byPixlogix Infotech
 
PDF
MGA Insurance Product Launch Acceleration
byOpenkoda
 
PPTX
AI-Powered Clinic Management Software for Trichology Clinics in India Enhanci...
byEasy Clinic
 
PPTX
The Future of Surgical Practice How AI is Transforming Diagnostics, Schedulin...
byEasy Clinic
 
PPTX
Managed Splunk Partner vs In-House: Cost, Risk & Value Comparison
byssuser6ab5a5
 
PDF
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
PPTX
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
PPTX
Microsoft Power Platform Power Apps Presentation.pptx
bymazenamerican
 
PPTX
Microsoft Power Platform Power BI Presentation.pptx
bymazenamerican
 
PDF
2025_12_17 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
PPTX
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
PPTX
OpenID AuthZEN Overview - Gartner IAM 25
byDavid Brossard
 
PPTX
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
PPTX
GDS Integration Solution | GDS Integration Service
byyugababu033
 
PDF
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
PDF
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
PDF
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
PDF
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
AI in Odoo 19: Driving Business Growth in 2025
byEnvertis Software Solutions
 
First Semester BCA Fundamentals of Computers – Solved Question Paper (Kuvempu...
byKuvempu University
 
Core PHP vs Laravel Which is Better for Backend Development.pdf
byPixlogix Infotech
 
MGA Insurance Product Launch Acceleration
byOpenkoda
 
AI-Powered Clinic Management Software for Trichology Clinics in India Enhanci...
byEasy Clinic
 
The Future of Surgical Practice How AI is Transforming Diagnostics, Schedulin...
byEasy Clinic
 
Managed Splunk Partner vs In-House: Cost, Risk & Value Comparison
byssuser6ab5a5
 
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
Microsoft Power Platform Power Apps Presentation.pptx
bymazenamerican
 
Microsoft Power Platform Power BI Presentation.pptx
bymazenamerican
 
2025_12_17 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
OpenID AuthZEN Overview - Gartner IAM 25
byDavid Brossard
 
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
GDS Integration Solution | GDS Integration Service
byyugababu033
 
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 

Present Absence of Linux Filesystem Security