The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC-7. Please select from the drop-down menu to the right to see the schedule in your preferred timezone above "Filter by Date."

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Virtual [clear filter]
Wednesday, September 29

9:50am PDT

(VIRTUAL) Hardening the Linux Guest for the Confidential Cloud Computing - Elena Reshetova, Intel
Confidential Cloud Computing is a powerful security model where the cloud tenants are not required to trust the SW stack provided by Cloud Service Providers (CSPs). This includes the Virtual Machine Monitor (VMM) that has been an internal part of VM guest’s TCB for decades. In recent years CPU vendors are coming forward with the technologies that make possible to support this changed threat model (AMD SEV, Intel TDX, etc.), but a lot of work also needs to be done on the VM guest SW stack to truly make this setup secure. This talk would present our efforts and methodology for hardening the mainline Linux kernel that can be used as a secure VM guest kernel. We will talk about the challenges we have faced, successful and failed approaches, as well as share some initial results. We also hope to start a discussion with the Linux community on how we all can work together to develop and integrate these hardening measures into the general practices for all involved components of the Linux guest SW stack.

avatar for Elena Reshetova

Elena Reshetova

Security architect, Intel
Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests evolve around Linux kernel hardening for the confidential cloud computing.

Wednesday September 29, 2021 9:50am - 10:35am PDT
Room 402 - Chiliwack
  Refereed Presentation
  • Talk Type Virtual
  • Presentation Slides Attached Yes

11:05am PDT

(VIRTUAL) Deep Dive into Landlock Internals - Mickaël Salaün, Microsoft
Landlock is the first Mandatory Access Control available to unprivileged processes on Linux. It is available since Linux 5.13, which enables all applications to sandbox themselves. Landlock development started 5 years ago, and multiple approaches were tried (e.g. extending seccomp, using eBPF) before picking the good one. This talk first explains the goal of Landlock and the related consequences. This will enable to explain the kernel implementation constraints, the choices that led to the current design, and the potential and limits of the current and future features. More information about Landlock can be found on the official website: https://landlock.io

avatar for Mickaël Salaün

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a security researcher, software developer and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock... Read More →

Wednesday September 29, 2021 11:05am - 11:50am PDT
Room 402 - Chiliwack
  Refereed Presentation
  • Talk Type Virtual
  • Presentation Slides Attached Yes

11:50am PDT

(VIRTUAL) Hardware-Assisted Fine-Grained Control-Flow Integrity: Adding Lasers to Intel's CET/IBT - Joao Moreira, Intel
This talk presents FineIBT, a compiler-based enhancement that enables fine-grained forward-edge Control-Flow Integrity (CFI) policies on top of Intel's Control-flow Enforcement Technology (CET). By combining the new hardware features with compiler instrumentation, FineIBT anchors indirect control transfers to sanity checks, enabling policies more restrictive than those supported solely by CET and increasing its effectiveness against control-flow hijacking attacks. An evaluation through custom benchmarks shown that FineIBT provides similar security guarantees with less performance costs when compared to Clang CFI, retaining its penalty between 1% and 7% while the latter added overheads between 5% and 53%. Beyond that, FineIBT also has other perks, such as benefiting from the CET's hardening against transient execution attacks and not depending on Link-Time Optimizations. This talk will explore the FineIBT implementation recently sent to the kernel-hardening mailing list, then discuss specific scenarios, such as how it could be used in the Linux kernel, possible improvements and expected challenges. Technical reference: https://www.openwall.com/lists/kernel-hardening/2021/02/11/1

avatar for Joao Moreira

Joao Moreira

Offensive Security Researcher, Intel
Joao is an Offensive Security Researcher at Intel. His research interests are mostly focused in compiler-enabled features and analyses, but he will normally be down to chat about anything that involves binaries. Joao holds a PhD from the University of Campinas, where he worked on... Read More →

Wednesday September 29, 2021 11:50am - 12:35pm PDT
Room 402 - Chiliwack
  Refereed Presentation
  • Talk Type Virtual
  • Presentation Slides Attached Yes

2:45pm PDT

(VIRTUAL) Device Mapper Target Measurements for Remote Attestation using IMA - Tushar Sugandhi, Microsoft Corp & Alasdair G Kergon, Red Hat
For a given system, various external services/infrastructure tools interact with it (during setup and system run-time.) They share sensitive data/execute critical workload on that system. The external services may want to verify the current run-time state of the kernel subsystems before fully trusting the system with business-critical data/workload. Device mapper is one such subsystem that plays a critical role on a given system by providing various important functionalities to the block devices e.g. crypt, verity, integrity etc. The attributes chosen to configure these target types can significantly impact the security profile of the block device, and of the system itself. So, verifying the current state of various block devices and their target attributes is crucial for external services before fully trusting the system with business-critical data/workload. IMA provides the necessary functionality for device mapper to measure the state and configuration of various block devices. Our work includes using the IMA functionality to measure the device state and configuration changes and store those in IMA logs, so that it can be used by external services for managing the system.


Tushar Sugandhi

Senior Software Developer, Microsoft Corp
Tushar Sugandhi works as a Senior Software Development Engineer for Microsoft, and is located in Redmond WA. He has worked in areas Container Security, Hardware Based Isolation, System Integrity, Remote Attestation etc. Currently he is working in Linux Kernel Device Mapper space to... Read More →

Alasdair G Kergon

Member of the Kernel Storage Group at Red Hat., RedHat
Alasdair Kergon is a member of the kernel storage group at Red Hat. He is a maintainer of Device-Mapper framework provided by the Linux kernel for mapping physical block devices onto higher-level virtual block devices.

Wednesday September 29, 2021 2:45pm - 3:30pm PDT
Room 402 - Chiliwack

4:00pm PDT

(VIRTUAL) Kernel Self-Protection Project - Kees Cook, Google
This presentation will cover the last two years of the Kernel Self-Protection Project. The project continues to eliminate classes of bugs and block exploitation techniques in the kernel. First we'll review of all the security defenses that landed in kernels 5.3 through 5.13. Some highlights are improved heap sanity checking, better entropy, generic refcount_t, sane API size argument limits, array bounds checking, shadow call stack, control flow integrity, stack variable zeroing, and set_fs() removal. Then we'll take a quick look at the evolution of kernel CVE lifetimes, counts, and bug classes with a focus on buffer overflows over the last few years. Additionally, we'll have a summary of kernel testing as seen through the lens of kernelci.org. Finally, there will be an overview of what defenses are still under development, and a review of some areas where help is especially needed.

avatar for Kees Cook

Kees Cook

Kernel Security Engineer, Google
Kees Cook has been working with Free Software since 1994, has been a Debian Developer since 2007, and has been a member of the Linux Kernel Technical Advisory Board since 2019. He is currently employed as a Linux kernel security engineer by Google, focusing on upstream kernel security... Read More →

Wednesday September 29, 2021 4:00pm - 4:45pm PDT
Room 402 - Chiliwack

4:45pm PDT

(VIRTUAL) Securing TPM Secrets in the Datacenter - Paul Moore, Microsoft & Joy Latten, Cisco
This talk will focus on how existing technologies such as UEFI Secure Boot, the UEFI shim bootloader, and TPM2 can be combined to provide a secure secret storage such that only authorized OSes are able to access the secrets. Further, the approach described in this presentation has been designed to function across lights-out firmware, bootloader, and system updates, making this solution appealing for datacenter systems with limited physical access. Additional discussion points will include considerations for unrestricted developer systems and reprovisioning the TPM2 in deployed systems. The first half of this presentation will discuss the ideas behind the design of our solution, including why a different approach was necessary. The second half of this presentation will describe our experience implementing this design and the lessons we learned along the way.

avatar for Paul Moore

Paul Moore

Principal Software Engineer, Microsoft
Paul Moore has been involved in various Linux platform security efforts since 2004 at Hewlett-Packard, Red Hat, Cisco, and Microsoft. He currently maintains the SELinux, audit, and labeled networking subsystems in the Linux Kernel as well as the libseccomp userspace library.

Joy Latten

Software Engineer, Cisco
Member of the puzzleOS team at Cisco. Currently working on various security tasks for puzzleOS. Have worked on security projects in opensource for 18+ years.

Wednesday September 29, 2021 4:45pm - 5:30pm PDT
Thursday, September 30

9:05am PDT

(VIRTUAL) Subsystem Update: Linux Integrity Status Update - Mimi Zohar, IBM
The Integrity subsystem status update will provide an overview of the new features and other changes upstreamed the past two years, as well as discuss current and future development.


Mimi Zohar

Software Engineer, IBM
Mimi Zohar is a member of the Secure Systems Group at the IBM T.J. Watson Research Center. Her current interests are in the areas of system security and integrity, a natural progression from prior work in firewall design for perimeter security. She is the linux-integrity subsystem... Read More →

Thursday September 30, 2021 9:05am - 9:35am PDT
Room 402 - Chiliwack

9:35am PDT

(VIRTUAL) Patatt: End-to-end Patch Cryptographic Attestation for Patches - Konstantin Ryabitsev, The Linux Foundation
The kernel, along with several other important projects, continue to use fully decentralized means of collaboration that is based on sending patches and code reviews via email. Existing end-to-end email attestation mechanisms, such as PGP/MIME or S/MIME, have important drawbacks that limit their usefulness when it comes to attesting structured content like patches. Patatt is a small library that adopts the DKIM standard to introduce end-to-end cryptographic signing of patches. When incorporated into maintainer tools like b4, it allows for full end-to-end attestation of code, as well as public keyring management via the git repository itself.

avatar for Konstantin Ryabitsev

Konstantin Ryabitsev

Director, IT Projects, The Linux Foundation
Konstantin has been part of the IT management team behind kernel.org for the past 10 years. Part of his duties has been to help improve maintainer tooling and the end-to-end security of the development workflow behind the Linux kernel.

Thursday September 30, 2021 9:35am - 10:05am PDT
Room 402 - Chiliwack
  Short Topic
  • Talk Type Virtual
  • Presentation Slides Attached Yes

11:05am PDT

(VIRTUAL) Where do Security and Safety Meet? - Elana Copperman, Mobileye/Intel
System security and safety have common goals, yet often follow divergent development paths. We are taking a look at the Linux kernel configuration features, many of which were originally designed for security, which can be used to enable safety critical applications. In this talk, we will give an overview of our recent work researching existing kernel features important to enable safety critical applications. The kernel configurations are mapped onto Common Weakness Enumerations, but more significantly we demonstrate how they are specifically relevant to support basic safety features such as kernel memory or avoiding race conditions. The work is in the context of ELISA (https://elisa.tech), striving to promote the acceptance of Linux in industries such as avionics, medical devices, and automotive, for which safety is an essential requirement. Our goal is to discuss our work with the Linux kernel developers engaged in the Linux Self-Protection Project and others interested in this area.

avatar for Elana Copperman

Elana Copperman

System Architect, Mobileye
Elana Copperman, PhD is a System Software Architect at Mobileye (until recently, part of Intel). She provides support for designing safety features in Mobileye products, including system boot, drivers, and Linux infrastructure. Before working at Mobileye, she worked as a Security... Read More →

Thursday September 30, 2021 11:05am - 11:50am PDT
Room 402 - Chiliwack
  Refereed Presentation
  • Talk Type Virtual
  • Presentation Slides Attached Yes

2:00pm PDT

(VIRTUAL) /dev/random - A New Approach - Stephan Mueller, atsec information security GmbH
A new approach for providing a /dev/random implementation is publicly available with the LRNG implementation and sent to the Linux kernel community for review. This new implementation provides the following benefits: * Sole use of contemporary cryptographic algorithms for data processing * Significant performance gains in performance critical interrupt handler * Availability of test interfaces allowing all execution steps to be validated including extracting of raw noise for entropy assessments * Flexible configuration including runtime-replacement of cryptographic components for crypto-agility * Clean design of combining multiple entropy sources With its API and ABI compliant interfaces to the existing /dev/random implementation the LRNG can be used as a drop-in replacement. The presentation is intended to introduce the different aspects of the LRNG and explain how the LRNG integrates with the Linux kernel. The goal is to allow peer kernel developers to understand the LRNG. The presentation also provides suggestions on how the LRNG may be integrated into the mainline kernel.


Stephan Mueller

Consultant, atsec information security GmbH
Stephan Mueller works in the field of IT security for more than 20 years with atsec. The tasks mainly revolve around supporting vendors and developers to successfully perform various types of validations including FIPS 140-2. In addition, assessments of cryptographic implementations... Read More →

Thursday September 30, 2021 2:00pm - 2:45pm PDT
Room 402 - Chiliwack
  Refereed Presentation
  • Talk Type Virtual
  • Presentation Slides Attached Yes

2:45pm PDT

(VIRTUAL) Fuzzing Linux with Xen - Tamas K Lengyel, Intel
Last year we've successfully upstreamed a new feature to Xen that allows high-speed fuzzing of virtual machines (VMs) using VM-forking. Recently through collaboration with the Xen community external monitoring of VMs via Intel Processor Trace has also been upstreamed. Combined with the native Virtual Machine Introspection (VMI) capability Xen now provides a unique platform for fuzzing and binary analysis. To illustrate the power of the platform we'll present the details of a real-world fuzzing operation that targeted Linux kernel-modules from an attack-vector that has previously been hard to reach: memory exposed to devices via Direct Memory Access (DMA) for fast I/O. If the input the kernel reads from DMA-exposed memory is malformed or malicious - what could happen? So far we discovered: 9 NULL-pointer dereferences; 3 array index out-of-bound accesses; 2 infinite-loops in IRQ context and 2 instances of tricking the kernel into accessing user-memory but thinking it is kernel memory. The bugs have been in Linux for many years and were found in kernel modules used by millions of devices. All bugs are now fixed upstream. In this talk we'll show how we found these bugs.

avatar for Tamas K Lengyel

Tamas K Lengyel

Senior Security Researcher, Intel
Tamas works as Senior Security Researcher at Intel. He received his PhD in Computer Science from the University of Connecticut where he built hypervisor-based malware-analysis and collection tools. In his free time he is maintainer of the Xen Project Hypervisor's VMI subsystem, LibVMI... Read More →

Thursday September 30, 2021 2:45pm - 3:30pm PDT
Room 402 - Chiliwack

4:00pm PDT

(VIRTUAL) Abstracting TEE Silicon Implementations with Shims - Nathaniel McCallum & Harald Hoyer, Profian
Enarx provides a WebAssembly runtime across multiple TEE implementations, currently targeting Intel SGX and AMD SEV, with plans for others in the future (including from Arm and IBM). The various architectures presented by the silicon vendors are very diverse, and creating a design that allows implementations on the various platforms has presented a variety of challenges. In this talk, Nathaniel & Harald will concentrate on the shim layers below the WebAssembly runtime, and the approaches the project has taken to support Intel SGX and AMD SEV in particular. They will discuss design trade-offs and choice of language for implementation. They will also talk about pitfalls which presented themselves and what implementations on future silicon is likely to require, based on information already available in the public domain.

avatar for Nathaniel McCallum

Nathaniel McCallum

CTO, Profian
Nathaniel is CTO at Profian, a start-up in the Trusted Execution Space, based around Enarx (https://enarx.dev/), an open source project which is part of the Confidential Computing Consortium, a Linux Foundation project. By day, he tackles tough security problems. By night, he tackles... Read More →
avatar for Harald Hoyer

Harald Hoyer

Distinguished Software Engineer, Profian
- Creator of dracut (initramfs generator and runtime)- Contributor to udev and systemd in the early days- Merger of / and /usr- Fedora/Red Hat contributor for over 20 years

Thursday September 30, 2021 4:00pm - 4:45pm PDT
Room 402 - Chiliwack
Friday, October 1

9:05am PDT

(VIRTUAL) Mitigating Linux Kernel Memory Corruptions with ARM Memory Tagging - Andrey Konovalov, xairy.io
Memory Tagging Extension (MTE) is an ARM v8.5 feature that enables hardware-assisted validation of the correctness of memory accesses. In a nutshell, MTE allows assigning tags to memory allocations, as well as to pointers that refer to those allocations. When a pointer is accessed, the CPU performs a validity check that ensures that the memory tag matches the pointer tag. As of now, MTE is integrated into the Linux kernel. It is available in both mainline and the Android common kernels. This talk focuses on the way MTE is used to assert the validity of kernel memory accesses. The talk describes the current state of the newly added Hardware Tag-Based KASAN mode and its planned improvements.


Andrey Konovalov

Security Engineer, xairy.io
Andrey Konovalov is a security engineer focusing on the Linux kernel. Andrey is a contributor to several security-related Linux kernel subsystems and tools: KASAN — a bug detector and a security mitigation, KCOV — a coverage collection subsystem, and syzkaller — a production-grade... Read More →

Friday October 1, 2021 9:05am - 9:50am PDT
Room 402 - Chiliwack
  Refereed Presentation
  • Talk Type Virtual
  • Presentation Slides Attached Yes

9:50am PDT

(VIRTUAL) All the Things You Can Do with ARMv8 Virtualization - Janne Karhunen & Jani Hyvönen, Digital 14
ARMv8 is heavily under-utilized architecture when it comes to Linux. In this talk we will be showing how to tweak it to do AMD SEV/INTEL TDX like secure virtualization with the KVM and the plain MMU, how to protect the host and the guest Linux kernels via the hypervisor mode and how you can model your secure virtual hardware to run Linux or even Android. The talk covers the quirks of the real life ARMv8 implementations people carry in their pockets.


Janne Karhunen

Senior Principal Engineer, Digital 14
Janne Karhunen is a longtime Linux kernel and security engineer with background with various kernel subsystems, primarily focusing on the Linux security subsystem applications for the mobile use cases. Ever since the mobile ARMv8 chipsets properly started to support virtualization... Read More →

Jani Hyvönen

Principal Engineer, Digital 14
Jani is a longtime mobile chipset wizard, lately primarily focusing on the Qualcomm chipsets and their features, as well as development/debugging environments.

Friday October 1, 2021 9:50am - 10:35am PDT
Room 402 - Chiliwack

11:50am PDT

(VIRTUAL) Live Migration Architecture for Intel TDX-based Confidential VMs - Ravi Sahita & Jun Nakajima, Intel
Confidential computing establishes a new security model for data-in-use protection - a large volume of sensitive data is processed in public clouds, where the trusted computing base (TCB) is large including hypervisors, host operating system, operators, orchestration software, devices (with firmware), and BIOS/SMM. Intel TDX (Trust Domain Extensions) provides capabilities to limit the TCB for VM workloads, with the goal to removing the host software from the TCB (by running the VM as a TD VM). At the same time, cloud and enterprise operators require capabilities such as live migration of VM workloads to support reliability and availability of the infrastructure. This talk describes the Intel TDX architecture to enable live migration of TD VMs running confidential workloads. The proposed architecture provides live-migration while maintaining the baseline functionality and security requirements of Intel TDX. The talk will describe the expanded threat model, and the platform capabilities to address these potential new threats, followed by a summary of the modifications to KVM/QEMU and implications to the TD VM owners when opting-in to live migration of TD VMs.

avatar for Ravi Sahita

Ravi Sahita

Security Architect (Sr. PE), Intel
Ravi Sahita is a Senior Principal Engineer at Intel in the Data Platforms Group. He has 20 years of experience in computer security, hardware virtualization, systems and platform software, CPU ISA and applying machine learning for security. His current focus is on architecture development... Read More →
avatar for Jun Nakajima

Jun Nakajima

Sr. Principal Engineer, Intel Corporation
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading virtualization and security for open source projects. Jun presented a number of times at technical conferences, including LSS, KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX... Read More →

Friday October 1, 2021 11:50am - 12:35pm PDT
Room 402 - Chiliwack

2:00pm PDT

(VIRTUAL) CVEHound: Audit Kernel Sources for Missing CVE Fixes - Denis Efremov, Oracle
CVEHound is a tool for checking Linux kernel sources for missing CVE fixes. Usual ways to track CVE fixes are vendor security announcements and a git history of a particular kernel tree. However, many vendors provide sources as tarballs without development history and don't publish enough information about security fixes. Hence, it's not possible to check these releases automatically without manually inspecting sources. CVEHound takes into account only C source code during work. Internally, the tool uses semantic patches (coccinelle patterns) to find missing backports of CVE fixes. This allows the tool to be agnostic from the kernel version and detect a missing fix in a half-open interval starting from the first commit where a bug was introduced and ending with the fix/backport patch. Since the tool uses a source-based approach this allows also to detect partial/broken/missing backports of security fixes. The talk is a tool presentation with a corresponding approach that can be interesting to kernel developers for maintaining kernel trees, certification labs for compliance checking, system administrators, and penetration testers for security audits.


Denis Efremov

Developer, Oracle
Worked for 10 years at ISP RAS (Institute for System Programming Russian Academy of Science) as researcher/formal verification engineer. Recently joined Ksplice team at Oracle as a kernel developer.

Friday October 1, 2021 2:00pm - 2:30pm PDT
Room 402 - Chiliwack
  • Timezone
  • Filter By Date Linux Security Summit 2021 Sep 29 -Oct 1, 2021
  • Filter By Venue Seattle, WA, USA
  • Filter By Type
  • Breaks & Networking
  • General Sessions
  • Refereed Presentation
  • Short Topic
  • Talk Type
  • Presentation Slides Attached

Filter sessions
Apply filters to sessions.