The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is displayed in Pacific Daylight Time (PDT), UTC-7.

In Person
Wednesday, September 29
 

9:00am PDT

(IN PERSON) Welcome & Opening Remarks - James Morris
Speakers
James Morris

Linux Kernel & Security Manager, Microsoft
James is the maintainer of the Linux security subsystem, and engineering manager at Microsoft.


Wednesday September 29, 2021 9:00am - 9:05am PDT
Room 402 - Chiliwack

9:05am PDT

(IN PERSON) SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs - Xiaochen Zou, University of California, Riverside
It is well-known that the lack of understanding of security impact can lead to delayed bug fixes as well as patch propagation. Even worse, for the syzbot platform that continuously fuzzes Linux kernels, all bug reports and their reproducers are made public on a dashboard as soon as they are generated. This can become a goldmine for adversaries if they can infer the bugs' security impacts before defenders do. Therefore, we propose the following questions: 1. Are those seemingly low-risk bugs actually low-risk? 2. Do bug reports reveal the real impact of bugs? 3. Can we convert a seemingly low-risk bug to a high-risk bug automatically? We develop SyzScope, a system that can automatically uncover new "high-risk" impacts given a bug with only "low-risk" impacts. From analyzing over a thousand low-risk bugs on syzbot, SyzScope successfully determined that 133 low-risk bugs in fact contain high-risk impacts, e.g., control flow hijack and arbitrary memory write, many of which still do not have patches available yet.

Speakers
Xiaochen Zou

Research Assistant, University of California, Riverside
I'm a PhD student at UC Riverside. I currently work on kernel fuzzing and exploitation. I just finished a project called SyzScope that helps developers and maintainers evaluate the severity of fuzzing-exposed bugs. SyzScope utilizes fuzzing, static analysis, and symbolic execution...



Wednesday September 29, 2021 9:05am - 9:50am PDT
Room 402 - Chiliwack

2:00pm PDT

(IN PERSON) AMD SEV-SNP Development Update - David Kaplan, Advanced Micro Devices & Brijesh Singh, SMTS
In 2019, AMD introduced SEV-SNP (Secure Nested Paging), the latest generation of AMD VM isolation technology designed for confidential computing. Now that SEV-SNP hardware is commercially available, AMD is focusing on upstream enablement of the various new security capabilities provided by this technology, including memory integrity protection, new attestation models, interrupt security, and more. In this talk, we will provide a brief overview of these new capabilities and the status of upstream enablement work in the Linux kernel, QEMU, and related projects. We’ll also discuss planned future areas of development and how anyone interested can get involved.

Speakers
David Kaplan

Security Architect, Advanced Micro Devices
David Kaplan is a Fellow at AMD who focuses on developing new security technologies across the AMD product line as part of the Product Security Organization. He is the lead architect for the AMD encrypted virtualization features and has worked on both CPU and SOC level security features...

Brijesh Singh

SMTS, Advanced Micro Devices
Brijesh Singh is a member of the Linux OS group at Advanced Micro Devices. He is responsible for enabling and enhancing support for AMD processor features in the Linux kernel. He is currently working on extending the SEV support to enable SEV-SNP (Secure Nested Paging).



Wednesday September 29, 2021 2:00pm - 2:45pm PDT
Room 402 - Chiliwack
  Refereed Presentation
 
Thursday, September 30
 

9:00am PDT

(IN PERSON) Welcome Back and Remarks - James Morris
Speakers
James Morris

Linux Kernel & Security Manager, Microsoft
James is the maintainer of the Linux security subsystem, and engineering manager at Microsoft.


Thursday September 30, 2021 9:00am - 9:05am PDT
Room 402 - Chiliwack

10:05am PDT

(IN PERSON) The Future of Code Integrity Enforcement: Extending IMA - Fan Wu, Microsoft
Last year an LSM called IPE was proposed. It has a similar purpose to IMA appraisal – to provide system-wide Code Integrity policy enforcement on executables. Fan is attempting to extend IMA to cover the IPE use cases to bridge the two systems. In this talk, Fan will present the current progress of the extension of IMA, along with some difficulties due to its original architecture limitation that was discovered during the implementation process, then offer some potential solutions.

Speakers
Fan Wu

Software Engineer, Microsoft
Fan Wu is a software engineer at Microsoft; his current focus is operating system security.


Thursday September 30, 2021 10:05am - 10:35am PDT
Room 402 - Chiliwack

11:50am PDT

(IN PERSON) Triaging Kernel Out-Of-Bounds Write Vulnerabilities - Weiteng Chen, University of California, Riverside
The monolithic nature of modern OS kernels leads to a constant stream of bugs being discovered. It is often unclear which of these bugs are worth fixing, as only a subset of them may be serious enough to lead to security takeovers (i.e., privilege escalations). Therefore, researchers have recently started to develop automated exploit generation techniques (for UAF bugs) to assist the bug triage process. In this paper, we investigate another top memory vulnerability in Linux kernel—out-of-bounds (OOB) memory write from heap. We design KOOBE to assist the analysis of such vulnerabilities based on two observations: (1) Surprisingly often, different OOB vulnerability instances exhibit a wide range of capabilities. (2) Kernel exploits are multi-interaction in nature which allows the exploit crafting process to be modular. Specifically, we focus on the extraction of capabilities of an OOB vulnerability and the subsequent exploitability evaluation process. In our evaluation, we analyze 17 most recent Linux kernel OOB vulnerabilities, for which KOOBE successfully generated candidate exploit strategies for 11 of them. Further, we are able to construct fully working exploits for all of them.

Speakers
Weiteng Chen

University of California, Riverside
Weiteng Chen is a 5th-year PhD student in the computer science department at University of California, Riverside, where he is working with professor Zhiyun Qian. His research focuses on OS security and vulnerability analysis. He is particularly interested in exploitability assessment...



Thursday September 30, 2021 11:50am - 12:35pm PDT
Room 402 - Chiliwack

4:45pm PDT

(IN PERSON) IPE Namespaces: Targeted Enforcement of CI - Deven Bowers, Microsoft
Code integrity is widely recognized as one of the most effective security mitigations for modern threats, especially those targeting high-value systems. However, code integrity policies typically apply to an entire system, which may not be possible depending on the system's workload. This presentation will cover the newest update to Integrity Policy Enforcement (IPE), namespaces, which allows system builders to apply a code integrity namespace to a specific process and all of its descendants, allowing more targeted policy enforcement for systems such as docker hosts. There will be a live, proof-of-concept example, demonstrating its functionality. The presentation will work through an example where a system's workload is not acceptable for full-integrity verification, and how that issue is solved through namespaces, and some of the more interesting design decisions around the namespace implementation within IPE.

Speakers
Deven Bowers

Software Engineer, Microsoft
I graduated college in 2017 from UNC-Chapel Hill. I joined Microsoft shortly after, where I worked on code integrity (CI) systems in NTOS until late 2019, at which point I transitioned to working on CI in Linux as my primary responsibility at Microsoft. I presented at LSS 2020 on my Integrity...



Thursday September 30, 2021 4:45pm - 5:30pm PDT
Room 402 - Chiliwack
 
Friday, October 1
 

9:00am PDT

(IN PERSON) Welcome Back and Remarks - James Morris
Speakers
James Morris

Linux Kernel & Security Manager, Microsoft
James is the maintainer of the Linux security subsystem, and engineering manager at Microsoft.


Friday October 1, 2021 9:00am - 9:05am PDT
Room 402 - Chiliwack

11:05am PDT

(IN PERSON) Finding Multiple Bug Effects for More Precise Exploitability Estimation - Zhenpeng Lin & Yueqi Chen, Penn State University
Syzkaller, the state-of-the-art kernel fuzzing tool, has significantly expedited the bug finding in the Linux kernel, which generates 1000+ kernel bug reports over the past two years. In the Linux kernel, a possible trend in the future would be the number of bugs found grows faster than the number of bugs fixed. Limited human resources and efforts should be put into fixing bugs that have more potential to be exploited. The exploitability of bugs can be approximated by looking at the memory corruption ability shown in the bug reports. However, a bug could have many bug effects by triggering the root cause differently. A bug report that shows a General Protection Fault error could have the same root cause as the one showing a Use After Free error. Knowing all the bug effects gives precise exploitability estimation. In this talk, we will introduce a new approach to find all the potential bug effects given a kernel bug report. We will show our evaluation results to demonstrate the effectiveness and efficiency of our tool.

Speakers
Yueqi Chen

PhD student, Penn State University
Yueqi Chen received his B.Sc degree from Nanjing University in 2017 and is currently a PhD Student with Dr. Xinyu Xing at Pennsylvania State University. He was awarded the IBM PhD Fellowship 2020. His research focuses on OS security and vulnerability analysis. He is particularly interested...

Zhenpeng Lin

PhD student, Penn State University
Zhenpeng Lin is a PhD student advised by Dr. Xinyu Xing at Pennsylvania State University. His research focuses on vulnerability discovery and exploitation. His work was published at CCS 2020. In addition, he plays CTF a lot. As a core member of Nu1L, he won 1st place in BCTF 2017...



Friday October 1, 2021 11:05am - 11:50am PDT
Room 402 - Chiliwack

2:30pm PDT

(IN PERSON) Analysing and Improving the Security Properties of Secret Memory - James Bottomley & Mike Rapoport, IBM
Various patches are advancing through the kernel to designate regions of memory as hidden or secret. The current implementation mechanism for almost all of them is to remove them from the direct map of the kernel, meaning that it becomes impossible to refer to the memory from within the kernel without finding a way to map it and if an address in secret memory is ever accessed by the kernel or from another user space process, a page fault will result. The enhanced security for secret memory comes from the fact that most of the attempts to exfiltrate secrets mostly rely either on rop gadgets or privilege escalation. Since root cannot gain access to the secret from userspace because of the lack of direct map entry, the only viable exfiltration mechanism is via rop. Since there are no easy gadgets available to map a kernel address, it involves constructing a complex rop chain, making the exfiltration significantly harder (although not impossible). What we'd like to discuss in this session is how we could improve the security posture of secret memory and what its use cases might be (we've already put together a preloader that allocates openssl private keys in secret memory).

We'll be using the Plumbers BBB infrastructure. You can try it out here: bbb5.lpc.events.
  • We've disabled the authentication, so just type your name to join
  • We'll be using the plumbers protocols, so unmute video to interact
  • It will all be streamed over the AccelEvents platform, so if you only want to ask questions over chat, you don't need to use BBB

Speakers
James Bottomley

DE, IBM
James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board...

Mike Rapoport

Developer, IBM
Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on Linux kernel and low level stuff. Throughout his career Mike promoted use of free and open source software and made quite a few contributions...


Friday October 1, 2021 2:30pm - 3:00pm PDT
Room 402 - Chiliwack

3:00pm PDT

(IN PERSON) Closing Remarks - James Morris
Speakers
James Morris

Linux Kernel & Security Manager, Microsoft
James is the maintainer of the Linux security subsystem, and engineering manager at Microsoft.


Friday October 1, 2021 3:00pm - 3:05pm PDT
Room 402 - Chiliwack
 
Linux Security Summit 2021, Sep 29 - Oct 1, 2021, Seattle, WA, USA