The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC-7.

Short Topic
Thursday, September 30

9:05am PDT

(VIRTUAL) Subsystem Update: Linux Integrity Status Update - Mimi Zohar, IBM
The Integrity subsystem status update will provide an overview of the new features and other changes upstreamed over the past two years, as well as discuss current and future development.


Mimi Zohar

Software Engineer, IBM
Mimi Zohar is a member of the Secure Systems Group at the IBM T.J. Watson Research Center. Her current interests are in the areas of system security and integrity, a natural progression from prior work in firewall design for perimeter security. She is the linux-integrity subsystem...

Thursday September 30, 2021 9:05am - 9:35am PDT
Room 402 - Chiliwack

9:35am PDT

(VIRTUAL) Patatt: End-to-end Patch Cryptographic Attestation for Patches - Konstantin Ryabitsev, The Linux Foundation
The kernel, along with several other important projects, continues to use a fully decentralized means of collaboration that is based on sending patches and code reviews via email. Existing end-to-end email attestation mechanisms, such as PGP/MIME or S/MIME, have important drawbacks that limit their usefulness when it comes to attesting structured content like patches. Patatt is a small library that adopts the DKIM standard to introduce end-to-end cryptographic signing of patches. When incorporated into maintainer tools like b4, it allows for full end-to-end attestation of code, as well as public keyring management via the git repository itself.

Konstantin Ryabitsev

Director, IT Projects, The Linux Foundation
Konstantin has been part of the IT management team behind kernel.org for the past 10 years. Part of his duties has been to help improve maintainer tooling and the end-to-end security of the development workflow behind the Linux kernel.

Thursday September 30, 2021 9:35am - 10:05am PDT
Room 402 - Chiliwack
  Short Topic
  • Talk Type: Virtual
  • Presentation Slides Attached: Yes

10:05am PDT

(IN PERSON) The Future of Code Integrity Enforcement: Extending IMA - Fan Wu, Microsoft
Last year an LSM called IPE was proposed. It has a similar purpose to IMA appraisal – to provide system-wide Code Integrity policy enforcement on executables. Fan is attempting to extend IMA to cover the IPE use cases to bridge the two systems. In this talk, Fan will present the current progress of the IMA extension, along with some difficulties discovered during implementation that stem from limitations of IMA's original architecture, and then offer some potential solutions.


Fan Wu

Software Engineer, Microsoft
Fan Wu is a software engineer at Microsoft; his current focus is operating system security.

Thursday September 30, 2021 10:05am - 10:35am PDT
Room 402 - Chiliwack

Friday, October 1

2:00pm PDT

(VIRTUAL) CVEHound: Audit Kernel Sources for Missing CVE Fixes - Denis Efremov, Oracle
CVEHound is a tool for checking Linux kernel sources for missing CVE fixes. The usual ways to track CVE fixes are vendor security announcements and the git history of a particular kernel tree. However, many vendors provide sources as tarballs without development history and don't publish enough information about security fixes. Hence, it's not possible to check these releases automatically without manually inspecting sources. CVEHound takes only C source code into account. Internally, the tool uses semantic patches (coccinelle patterns) to find missing backports of CVE fixes. This makes the tool agnostic to the kernel version and lets it detect a missing fix in a half-open interval starting from the first commit where a bug was introduced and ending with the fix/backport patch. Because the tool uses a source-based approach, it can also detect partial, broken, or missing backports of security fixes. The talk is a tool presentation with a corresponding approach that can be interesting to kernel developers for maintaining kernel trees, certification labs for compliance checking, system administrators, and penetration testers for security audits.


Denis Efremov

Developer, Oracle
Worked for 10 years at ISP RAS (Institute for System Programming Russian Academy of Science) as a researcher/formal verification engineer. Recently joined the Ksplice team at Oracle as a kernel developer.

Friday October 1, 2021 2:00pm - 2:30pm PDT
Room 402 - Chiliwack

2:30pm PDT

(IN PERSON) Analysing and Improving the Security Properties of Secret Memory - James Bottomley & Mike Rapoport, IBM
Various patches are advancing through the kernel to designate regions of memory as hidden or secret. The current implementation mechanism for almost all of them is to remove the memory from the kernel's direct map, so that it becomes impossible to refer to the memory from within the kernel without finding a way to map it; if an address in secret memory is ever accessed by the kernel or by another user space process, a page fault results. The enhanced security of secret memory comes from the fact that most attempts to exfiltrate secrets rely either on ROP gadgets or on privilege escalation. Since root cannot gain access to the secret from userspace because of the lack of a direct map entry, the only viable exfiltration mechanism is via ROP. Since there are no easy gadgets available to map a kernel address, exfiltration involves constructing a complex ROP chain, which makes it significantly harder (although not impossible). What we'd like to discuss in this session is how we could improve the security posture of secret memory and what its use cases might be (we've already put together a preloader that allocates OpenSSL private keys in secret memory).

We'll be using the Plumbers BBB infrastructure. You can try it out here
  • We've disabled the authentication, so just type your name to join
  • We'll be using the plumbers protocols, so unmute video to interact
  • It will all be streamed over the AccelEvents platform, so if you only want to ask questions over chat, you don't need to use BBB

James Bottomley

James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board...

Mike Rapoport

Developer, IBM
Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on Linux kernel and low level stuff. Throughout his career Mike promoted use of free and open source software and made quite a few contributions...

Friday October 1, 2021 2:30pm - 3:00pm PDT
Room 402 - Chiliwack

Linux Security Summit 2021, Sep 29 - Oct 1, 2021, Seattle, WA, USA