Merken

What's up in the land of the Linux kernel security?

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
that's the common welcome everybody to the 1st afternoon talk on the 2nd and last day of frost control it's really much better to introduce a lot shall attack on um she is from india works for oracle and also as a hand in the Linux kernel sociable to that's something in what's up in the land of Linux kernel security just give a bit became the at
the thank you for the introduction my used so I emotionally took that out and I look at linux-kernel and
you know that article in the corner security engineering and I am also associated with these schools and of course as a whole and in the end has also of winding down of ODT so if you have any questions
about this program you can meet me in the heart of a afterwards so let's just start with lot the stock is about
so the basic idea behind giving the stock is still will haven't all view of how Linux gonna security has changed to where the signed with the advancement of the technology from the unique stock security stuff to where the heaviest at the point and what are the future challenges me how all the and how we can all and this the soul some of the lead in
the history of our notes as an was sold limits is equally as we all know all the owner of the Unix operating system and it was written in early nineties so the cost of getting model of the UNIX was understood this stationary existentially knocked system and salt musically
what the unique stock security model is the heart of his own when and not allow students to access to objects based on the identity of subjects so 1 example that is our use handle they wanted a new file and then they know that they can decide the who has scanned read or write to those files and in this policy is basically implemented as of but we should be at which are attached onto the 5 final system I and the me to set might be 1 of the 5 so they don't use it it's sad band but motion for accessing the defined like reading or guiding the process is a finite set of mainly set separately for the moment and this can be done for the on and off those flies part of the wealthy people are even our anyway so unique are also allows the 1 of an object o to save the security policies have these also our concept of possibly user which means that an entity which bypasses this unique steps policy so busy daily learning the program because uh as a supplier that means that you have every right who the system so there is a 0 probably had nothing which can stop it to access the critical information in the system itself it and
this leads us to the problems which would be had the this kind of system so the over the unique stack was implemented in a wide continues Ricci and the other people and the let's the basic idea wasn't over a wide of kind of security guard to still have our penally of the prediction and it also doesn't protect us with the floor that the my is called because of this so but whose identities and as this the user as a simple user 1 can have all kind of access is it also widens the normal users policies and 1 also cannot express kind of modern security requirements of beach this kind of model in the 0 after this technological advancement in the same area so also users can
involve the system so this is my reading the food would use it as an elective at the center you ladies and it's music and I it's minus so there is a part of its but on how I would have no way out of to be but on the other like having so all this are some of the problems which we had a unique stock system and that's how the features a security features are added into the units so all of the initially and
then people started about a started thinking about the security in the Linux operating system when the users of the Linux operating system going on the basic idea was just to accent the with minimum things from this 0 unique stock features and then these things were changed soul some of these and some of the features which when added initially I just the extensions of the units that we just
so say and foster the boss expects existentialists red and data into the economy so the British can Bozic system that allows us to all have 2 classes of users of for example the single-user and then that little for user and then be of every event and then we can have about nations like could read and write and also can decide whom they want below what kind of user can have a what kind of of the rights for example if I use a 120 side dataset and then diffuses can and have it I axis of the axis is and the right so that can be also added as a security that can be added or with that and that's how you follow manuscript was success and release so these are the kind of entity me to wear of each in uploading to the understanding of the final that so what is the 1 who is always the use of itself and can have at it right and item it's access rights named user is the 1 that the user and the name and then the item that's so you can have the exercise with that also and the of the EC as sees the list of the end is that and the permissions of each file system object can have all of the is percentages and these things are access control lists are managed to buy the site and Edificio up our minds in the Linux kernel itself then people
seeks out there but it is metadata
and so it was added as an solution of all problem because of the use of so that all those this tries all do uppity released operation to up as being system objects whether the all users have up in the shape of the fact is that after processing all for example a process that tries to set up the block and the Linux than and we check if the process has to be 0 since cystine the center with that and then only in all axes 0 at is the not so it means that when an application requires a limited time the privileges of age that they will not have the all kind of religious and this restricts then do hope off on the and and indeed all actions so that also all process as 3 sites of commitments scholar at all i inherited was but did and effective capabilities so each committee is all in the united as a meat and up according to this makes the by nations on the final with that after
that means this is already it's so namespaces landed and from the line the online operating system only 2 of our research project an extension of the UNIX research project with that and the partitioning the shop it's also our anything seen by the process so how it helps ease each process can be launched with its own private entity directory and in image of the processes and reach whilst seamlessly with our existing application quote to communicate the end got lots of security threats which are aware that so it's not this security feature as well but it had implementing the kind of security features which can be needed it all have you'll still have undermined even up the might deliver security ratified Sally by the security classifications I and what initially and that and from the user
but because of the inherent so about the API is basically an implementation of the medical that of the the algorithms on that and it's used by many gonna subsystems including the commonly a lot of so basically the only that was has function phonemic it hasn't been profitable to them sigh you store that and the management subsystem it's at the management subsystem for managing the that the is leaving the gun
so we mainly because the graphic API is used by the IP SEKT board and it is an option schemes and the gunman module signature that verification schemes that is also all all some of the kind of welcome and for supporting the hybrid maize cryptographic features it
and after that would be how our security so Linux is a have a gap malignant security stay for supporting the many of features and it can be used more so that's so that enable security model can then be used as an endpoint nodes on on any local on as out of passing the traffic between the interfaces so that it in living modules can be hooked into the fan out to examine how and how we can have examined the packets and how we can and the security features and that we was so over the next 3 that project is and there might be need to appear from what we rituals this packets into the rituals impact estimates passes into and to and from the system and also on the table I the model is the money you the on beach and demands and I see the before plaid scheme managed to ideas of is eliminated in this and it it was used before for data provided forgetting at the link BER there's also all
optimize these fertilize the
fitting I the IP packets and piece that is of an interpreter posts so to reach but indicates an entity it's the packets of data outside the within a and it can also be used to implement the VBEM ends and to the point security ch
show this led to some of the things we to at the and independently right now becomes the part of an internet security modules so the issues of the 2 add that is because of the that systems of giving a privileges to the user back of at some extent also the tool some 0 0 come on with its own limitations we need to have our system like mad money that existential system which also can give overeat reach that under that were then at a certain kind of all stole 0 have the controlled always giving advice to the user are the norm of the user most so Linux Security Module will use of implementable tight on security critical points in the gun and do MAP security force from the dock and the security policy tools and administered centrally and users do not administer administer policy for a bit also the is so this has some to Dean of patents which explored the user leaves the user live often about and the misconfiguration so at this time and EPA also allows a different physical demand is to be that in the Bunun so typically are friend box all use adaptive and book and understanding the API and then can have quality by next from those holes and it was was misleading 0 designed to provide the specific needs of everything needed to successfully implement of max system in the next so
the ban on different kind of
so anything and of impunity invariance than at the moment and the fast which wasn't it was our acts as the units so Acedan'ski is basically an implementation of the Save finding demanded that access control systems the to make the will save by a danger to security requirements which would lead to an independent that time and like from Argentina was you'll store the military and the government policies as a Linux can was to 0 to minus the classical information so
as it gets all in essence all objects on the system I assigned as a circuit was and this again a daily aligned information between entities in the system are the whole divided them and pass to the limit as a Linux module which then solves its own security policy to the to mind whether the operation would should continue or not while still on the security policy is loaded from users land and it's going to modify all also and as a units at the moment is implemented in all the Fred Ott is operating system and to also address security model uses as Linux lead to some of the extensions from the site smack
so the idea behind the authors of of us smack was tools have a simple form of Mac security and do In response to the complexity each are provided by their so units so it about basically lots based with the file systems we supports extended attributes and it's a part of dies secure adapted to the moment all soul it has gained some popularity memeticist and stuff and I think I 1 of the ITU-T system the operating system like in that is also not using smack for at all it's so
fundamentally different scheme tool accidents and x max because it has no kinetic energy limiting the and security policy is 0 are applied to the box means it is out of at the moment it is a shift made all but the level whistles a handle Music elite analysis it allows a system administrator was to restrict the program's capabilities and it also features a learning more we had the security of it about the application is of solid and then might ligated automatically handles could provide and dome
oil is our in another Mac system which implements the is the security you do it uses the it utilizes the learning more is similar to that 1 where the behavior of the system is obs out when in the security policy and it also across the degrees of growth process in location described as a domains so let's say we have our system and the system modes of from in it as CDs of all the tasks that involved with their and this should lead us to log into I use of and down on a shell and ultimately stiffening and someone without seeing the thing so this by the chain of tasks is liquidated and as a value domain for the execution of the application and but in locations which have not been on recorded on just the nite so that is real and that and then the locations which are not aware that that can be given the also all of them the prediction is an embedded octal my all over the next restricts the process over to the behaviors and the resources allowed by the administrator it is more for the end users find them as of Nov that has not been any the by implication on maybe like up shared by the adoption of the dome only will in the industries Yamaha it's a
collection of feedback security enhancement from the projects like it's just again at the end of 8 and hence the restrictions on it has an enhanced restrictions on the 3 assignment any amount it was just bad at the bank tool had kind of city out there was as yet Jessica the high the patterns or that and it was just so added as a batch and I team that there has been much improvement in the morning after the on load being is alfentanil only Alison handed in I guess 4 . 8 does what when I and eat ensures that article and loaded files is are loaded from the a city right so saying embedded in the on policy need only eat to so it allows the systems that have already fired and and on unchanging with 5 system tool and force the money was was taken and models of the form that learning modules do restrictions without needing to all signed the individual fights on on each subsystem so it also was designed with the goal and certification requirements but was later adopted by many on security models on that and other security components that also using it now I it off any jobs are on it allows I usually of a useful tool to track the other security-related information on the systems behavior and do to detect had the to dead dead so what kind of stuff that going on in that things went wrong so
then we have our set and sold it to walls was added as an a them beach illustrates the access to the system because on my process is so the development of the system called API is that it survive so it opens the wider therefore for the by EDF would be at x well and like any of the system we also have evolved in the 0 the city of system God the eyes so the the relation nature of the also can also allow the loves laughs system quality and so do the news that itself of the government by the up the applications from and then the system cause speech not mediate of again has to always goes all those that it's wrong went off the remaining software solution using the 2nd can be I've got so so about using is set from what I can do it as a primary features and if it has no subcommands aware that which can be implemented always in a 2nd order of was also known as all order when the 2 provided access to only for system cause we just the basic for system caused by right exit and signal done and then there was an
extension of the sec of are then by basically affordable there's a book but on project its effect on the media and it's undoubtedly specification off of each system calls on by making fun of processes and integration with the so also it's so the integration policy of the set of media is implemented the but the fact that 2 of the rules so Beecher had the US say extending some kind of security was all of which are provided by the 2nd and
then we have our and integrating management subsystem so it's used to maintain the integrity of files it off the system and the in degree demand a means of magnetic actually component i you me all forms of knowledge and time the news defies using the cryptographic hashes and compare them with a very high seas or that are all still arm is the main of formed by idea maybe maybe loving the on system and it also can be used as part of the malt attached station are still idea embedded in modules so it's intended to we use as a part of the body of very fine would process and do very inappropriate to be oxidized scholar beings of device on time and then our tested partition containing the of the London argue with its to be not only the we loaded it that so it's visibility was map a target which manages file integrity and the block but after
that in this many this
subsystem seperately say 0 on the top of the gun some of the models which went inside the and is the way of security sufficient and divide not sufficient because uh then the status of Linux meaning an operating system of us that of a style in 0 being operating system or moment operating system now even I realize is are using it and when the operating system has this operating system has become a part of logic of life that is also it has also increased the chances of that excellent sold the gold so in the last 3 years of Google's Android security but Blondie program has shown the kind of like that each can be done at the Connelly was easy and the gonads should be able to protect its size so this leads us to all think about the possible solutions for that so 1 of the possible solutions can be how in the sense of more research on this area and there have been 2 was reached the beach can find among many that there so as to stop about some of the was and then by even do was odd not be say all of acceleration or the so of and the moment in the corner that a wide arrange of acidic and then an analysis tool with which I've used and for those scenes in last any of the other research projects have on the university students are the BA 2 d and so b but how strong the interest in of find in doing them on the results on the bike the about classes is it's all but it's only useful but it's actually a little bit that the ones that actually did that and it would be dead the above regularly we need good and that was regularly sold and you can also automate the system on you can have our media poisons in Inglewood to adjustment the Buddha with it but not that's not the solution what you so it has also it has limitations of the urban we don't want acidic analysis with we also have a limitations of the false positives and the this also needs to be documented and because the band about maybe of also will has stemmed undergo enormous that know what kind of voice was if you are given thought but this might it's news is not probably a person who is just new to the Poland and Estonia to where the poor may not know that all of the this case has this kind of what was it is given by the but that so it's somehow hard to also 0 get the and said loves and probably it can end up all having the he also with that so some of the political
we judge by using the only non-standard moment of so fast is a sparse reach was written by in-store lots and and then was are maintained by Josh as it relies on a set of annotations designed to open with the semantic information about the types of so initially it also had it was has been to all the dead and the in gender-related loves lot there then it also extant of the features that I was extended to all you of warnings about unsupported operations on the type mismatches with the restriction of district integer types it also wants about any non gradient with all the function definition that has no declaration and then I say more than 6 thousand act as a mediator of speech then of the red above the detected using sparse our
estimates so as to which is only done by going up and up and it gives you all the kind of issue but at the back as that issues which I like not point if their friends at a point that the definitions and the uninitialized on a something that information it's but it also all have our higher chances are of of false-positives say party before 40 per cent so it's not a bit on so that it it's the pool of had the automated system the police itself is not in the Linux like it is widely used by the men and some other there was of time to times do sort of the the debt issues also named eyes to all and stores all always be 0 new practice the decimated into the next 1 and it also this is due today in the sting mode in the next guy and the idea of it is not what is say of giving me the that over it is so that it once reducing upward does is the demand and page is emitted into the over the linux-kernel subsystem emitting is it makes the patch that aware that both from that and it runs it on that when the up to 25 other architectures and then use the MIT system matters and that estimates the other is that it would be of some get off of that so all made these it also look at it also done some of the state's major odds of sinister saw the estimates scripts which has stalled knew this above all video boards this month that deal with that of before its mean added into the mainland gone so what of the store is added user measure addition but not on this gives us so this cancel each had 2 more sense is still have to be a false positives I'm not before a pool of and into the serious and what by some of the scripts which has CAT highly well off of best 0 from the author of the study and the that was based on the results given by this then be added into the into the system if a soapbox is also all other out the dimension and transformation built and there are few students which our quality and in in the bond itself and like methods iterate this and I would also than some of these groups separately on it has it's also it's not it's not only in the backs it up but it doesn't exist about so this can it can be can be uh the new itself have a language for the Semantic accident rates and over how we that this group is in that need fast form so you can remove the line you and you can add the lines based on the big enough about so many lenders grants and you not only so do simple did the state not only used to the warnings but it also just fixes the board might so but this is also 1 of the and 1 because of this tool horrendous few security issues lie on a pointed reference and the use of sleeping functions and the the use of Tiffany of fuel the locking related wealth like that will also on the missing all for all and all I think there are
of another of ideas do is
obviously the compiler of by the and uses the also have some advancements in SLA last will create wasn't and there are many others seek new security warning security related 1 means higher added so on Jesus the also this is it that means had the handling the specific kind of model when you don't want Bled accord ing door would become quite it's so say you have about chaos and you want all solve the budget below that of love then you can all use the decency that API and I planning and then it can be that the of was aware that based on the open ended and so as a phenomenon hypothesis it that means added into the on and do so basically the fast not out of them I think it is related to the money taught me to say be how also cyclomatic complexity which had sealed tool just up and the age of having a into off of detecting some kind of security issues but it's not the kind of origins of the bending we just use it isn't about 2 but tool and understanding and of what classes but then not so that it is all patterns like that and in structure was layout and the combined time on me late detecting any structures that contain a user-item notes and make sure that it is mean fully initialized there is also all structurally but then it is I'm not letting the general here and we have all of this learning of bad actually initiate an on maybe as a part of was as a part of GIS security handle that of the I mean by and see if we can do but articles I to be funded by the CIA at that time also
we have a lot of the army that tool of values to 0 for all the 1st thing that's gonna so to Latinity was never adopted by the new Johns and it has to be the main leaving of books or dead dead and many see the ease of as although we can see as of all that these of type of this kind of things where books red tho and so so entity demand that we must that all it was not based on that boat some of this in the mean right hand tools domain of things more reliant on and it is it it doesn't it actually looking the mother and memory leaks at a job Our Cisco states that adopted instantly so light feel fully a little and it's developed by Dmitri and that the magical there are it also has severely souls and memory information links are there is also on least on the project wiki that what kind of cities are handled by the also that we are detected by the tools and they also had seen handling the need and there are some advancement in the American alone which was our initially each of which was a successful product and the user labels and in the last year in the last we are as there is a proof that it can be used it can be used to successfully at the globally 1 as well and also that Edison it does entered it senators those exit to all had the by the kind of models it's like that is is that
men then game is fixing bugs sufficient because if
took me we need to fix the bottom of the need to fix the individual bounce back and I don't think had there is of something like a secure and security was uh because because the court is changing and every day that behind this online coming into the kernel itself also it's important that man and individual log is thinks that is not fixed into the latest O'Connor so it's also important to understand that these things should be uh book should be added in the statement on and the device manufacturers are adding on maybe up making that also Bordeaux and that also is that it is that it at all I been going the other updates when the user's itself on and that's a so you'll have all more likely to help my sisters also many Wiseman effective 5 years ago and there are many security thing about a meter the beach on the 2 and then the time then the minute was affected it added that kind of went there and when you get here they each day the neon thumbs to you after the money and what we'll and then it gives the economy because they only know that his mother fixed in this Monday is fixed into the new planet but it's not fixed in your all formants system so it's also important that the now when we had I sold with the model and the thing is that when you change it after the fire was 6 by the memory and I this phase and say we have all DoD lock system the system and an old man I'm going to change it for maybe we are inevitable so maybe they're going to do that but what about the nonlinear is that the edges but using the scientist fixed in that system and it was still lower than that for any was and the maybe also knows that what kind of things are used in the in that system but the user itself that so or fixing is not sufficient as of now and we need a system that are gonna should be in my little hybrid itself the security itself so this leads us to the next project which is currently going on in the scanner and it's a scholars have prediction runtime DOE so the music I
know behind the guidance that prediction project was all
half of to the bed on a simulated but itself and won't have a normal life times well it the as of now we're gonna pull this off in this project is to upstream DGS security and box features and who also here the whatever the Balkans tho is going on we are trying to kill the not classes and not the individual loves so are you can also see what is called gaze folks blog and he has actually been the united the of know what each of the in the London so what kind of features from the Gunners had prediction brought project that in a way that can be seen seen
and he yes in the conclusion of the have gone far from the unique security unit that security do all corners of prediction project maybe but these always a school off the sides because that's not what they asked me deadlines ment of the technologies the advancement of the but guess is that in this as and over security it has been said in this conference many times but maybe we can say about it 1 more time that cigarette is not on that of Mars by where's my right may be unnecessary so far and I'd like to see our more divided by economy was as I as I said that many which can be how RPG is say 10 pages for the in the foster months with the easily each other then we handed and they can have the next feature the that's gonna soul yes and then on this off-season
each and you can just check the guy in
the separate projects I also have the slides on beach of might not reach IQ on the beach has the honor was of the introduction of that was and how those 2 is results and white of the story is of particularly use would widen stand up but classes so you can just go for that and yes Linux Security Summit videos I would do and fj so all a not them questions please on this question might be a bit more complicated we propose of walk around and hand over the microphone the so questions a
customer or the first one and traffic and you mentioned that you simply the juicy plucking to randomize the layout of structures and so on the ticket doesn't know the layout of memory um how is that applied because you can imagine that you cannot reasonably randomized all structures in the call in a two-pass structures to use space of some structures represent covered out you have to text such to be randomized or how does that work but they do you have to attack each individual structure so that the plucking minimizes or how does the compiler know which structure it can safely randomized in which must be kept as is for example because of his party's a space the I mentioned which so easily you asking that of of how fix the bundle of certain that use them I I guess that it is not safe to randomized all structures using the current so that some of structures must be kept in the mobile for how this like you know which structures can be randomized which cannot do they get text is is there a label on them how does that work the dead of that make more and we have more kernel experts here than would have ever mentioned scraped or mostly for both of us look into the job security pension so almost the same idea I think hopefully it this way so is it's by keywords micromechanics custom nothing useful in the blood and the presence OK yes it hit the emits the inside of the tool right that you mentioned so yeah so thank you all your OK and almost all of that yes show main office and send it to the to the developers so that knows about much conference so interference which are or yes sir from OK moreover since the OK this is not so yes sure sure from from just going and I think many problems so security related problems partly influenced by g of security in the result of the memory model the called this using this means you know from a critical some seems like Michael Crowley sorted from the local sort of like and I think the main idea behind them is having given and called space separate 1st this is social address spaces separating chromosomes or isolating alluding to correct to torment isolated from some of their device drivers from each of all from the file system cold and so on and I think you're there was a variable to the discussion between mental Tannenbaum and other people's or evolved also use some new questions but do you know of any idea soft often using some of those concepts in the no not at the moment in but it is not based well the of God yes of them all the you think of them and that's not an extreme that I would guess this would the boiled down to something like then boxing in the kernel space right so I mean 1st only and at a space and then also execution but uh but um it's this is something like that and use a member or in other words on the and also with boxing and you would get and you would you would then transform this and in the what's about some performance of issues that you know for all the yes I think that it is if we need to add advancing any anything other than the article and show that nothing should think of it I on the system as a test in my opinion the performance problems due to the force them you can be chosen little testing for from of for finding problems and some plugins currents will a performance is more important and security you can disable it and if you have reverted various security-aware systems that performance does not know of much will they work for Hatcher across that's what a judge us of just an idea or so if you look you future yet and that's the idea of of woman should not be compromised on the lot of sodium out of function the manual Wunderlich Securities so and that's how it took the time for the people Plato get boxes yes security stuff and do you know they use with the idea that the security is important and it should be in the mean time at 7 the the well not question for the common good the issue the address space separation fails when you get to DMA then and that the common case the the 0 yeah so you would need to have really separated the trespass for direct-memory-access sure which is performed a wall of windows of power in you well the problem is interesting but a partial apart solution could be for example the image typically was device for a forcible of drugs only and your head over like to recommend books about you rich your just handing over the access rights to some pages and to other parts of the Conference for example between the driver and the file systems some appropriate places of course and its complement complicated system and it's only it's no really good solution but it called help in determining some of the problems of living some of now the question whether the
so and the question and more on on the from the uh fights severity something acceptable mold for the call and the are there any checks on this from the fires especially or other just provided by the but the Vandal of the hot room next alignment behind as I've so um so the only thing which I 0 here it so I think at some point indicating maximum system highlights all that much I don't think the of the 2 implementation I'd say out of for all kind of text of good yeah what are you distrusting uses Leo distrust of over and the process of land if you do then you should buy that the processor anyway because if the processor itself has some hidden features you don't know about you have no chance relative for promote doesn't matter if there is any hidden functionality you don't know undocumented noted for for example can um for some of the things this regression moves bypass the supervisor is only 1 bits in the process of doing well on your working when 0 or not if this is compromised somewhere in here off anyway you know sister she called what for example last autumn it's a crawl book which lives through you can write to any arbitrary page any arbitrary given its right protection from Oakland to you to this kind of parts so generic and to so this of practices is really important problem and has to be sourced from whole but it's not possible to stop trusting God wants us the and there are some books of this in this area known about which have been fixed in the past and unknown but of course this so next problem but if you really want to have security than use your Commodore 64 given us the best so these as 1400 the transistor also and you can take them all by hand and the and so but I think there will be a lot of discussion after this talk as well there was a question of what they think we get a special interest group in kernel security you're just going up and so hello and thanks for your talk on all the time people here think about desktop systems and services mainly but during the last years we're talking about or senior many embedded systems without any control and for networks be delivered with the state state of kernel and distribution and then changed for being in an unsafe environment and completely work of an update with the different features just imagine a Sony's is watching you from the from over the next update is treaty life to Facebook with a can of smart TV that you that shown yourself it's it's embedded systems that you don't have control over you have to trust the the manufacturer and you don't have any instance of control about changing the routines and the functionality of imagine you set received yeah it has 1 of the 2 but connect to you network your DAQ radio the smartphone every update you have to trust and you don't have the occasion processes for the kernel and for the 1st safe state when you bought it and everything which is coming off at which you hopefully have security issues fixed in there but also negative surprise and I don't see any systematic protection against those so dangerous thank you from the use of a question but more of a concern so there is this is same in Czech OK sure yeah but uh stem to me from Amsterdam promote this is on ahead and this is when when somebody puts in something malicious and um yes and and put some some spyware on source devices for instance or other to have yeah sure sure detect but this time from here so this do you see any any possibilities to to tuned rectify this problem on the kernel level so are the concept of I'm not aware of it should be in the city of I mean it is the objective the point now now that uses the In the 1st year and just year of and on of the task and she over her but I think of all studies In this work it some the former truth so please go ahead if you have some comments that yes so I mean uh no as of May 9 community you can't was pretty right as to just how things but as a users who so it's so maybe because you are the 1 who who are using those products and probably yes companies showed that thing this thing by the and that's how the governance and prediction is looking on as well because the band if you have these features like boat would that radical in itself is a way to all maybe operative and attacked and then the possibility of of the of x can be reduced it so yes no questions and discussion still to do but we're running out of time that the things you'd cosmic city with so thank you very much and things you come and along with interim Afghan tank
Kernel <Informatik>
Open Source
Freeware
Bit
Computersicherheit
Computersicherheit
Gamecontroller
Computeranimation
Orakel <Informatik>
Kernel <Informatik>
Punkt
Sichtenkonzept
Code
Computersicherheit
Eindeutigkeit
Orakel <Informatik>
Optimierung
Computeranimation
Objekt <Kategorie>
Prozess <Physik>
Momentenproblem
t-Test
Identitätsverwaltung
Computeranimation
Physikalisches System
Informationsmodellierung
Endliche Menge
Gruppentheorie
Netzbetriebssystem
Gruppe <Mathematik>
Nichtunterscheidbarkeit
Klon <Mathematik>
Computersicherheit
Speicherabzug
Inverser Limes
Optimierung
Computersicherheit
Eindeutigkeit
Datenmodell
Physikalisches System
Elektronische Publikation
Objekt <Kategorie>
Digital-Analog-Umsetzer
Zugriffskontrolle
Rechter Winkel
Mereologie
Information
Lesen <Datenverarbeitung>
Computersicherheit
Eindeutigkeit
Default
Datenmodell
Malware
Dienst <Informatik>
Physikalisches System
Arithmetischer Ausdruck
Computeranimation
Physikalisches System
Systemprogrammierung
Digital-Analog-Umsetzer
Informationsmodellierung
Arithmetischer Ausdruck
Teilnehmerrechensystem
Prognoseverfahren
Einheit <Mathematik>
Gruppenkeim
Flächeninhalt
Wurzel <Mathematik>
Gruppe <Mathematik>
Mereologie
Computersicherheit
Normalvektor
Web Site
Klasse <Mathematik>
Kartesische Koordinaten
Maßerweiterung
Computeranimation
Kernel <Informatik>
Mailing-Liste
Einheit <Mathematik>
Gruppentheorie
Netzbetriebssystem
Dateiverwaltung
Diffusor
Maßerweiterung
Teilnehmerrechensystem
Datentyp
Computersicherheit
Eindeutigkeit
Mailing-Liste
Physikalisches System
Ereignishorizont
Objekt <Kategorie>
Digital-Analog-Umsetzer
Zugriffskontrolle
Gruppenkeim
Rechter Winkel
Benutzerschnittstellenverwaltungssystem
Gamecontroller
Objekt <Kategorie>
Nichtlinearer Operator
Metadaten
Web Site
Shape <Informatik>
Prozess <Physik>
Prozess <Informatik>
Kartesische Koordinaten
p-Block
Physikalisches System
Hinterlegungsverfahren <Kryptologie>
Computeranimation
Kernel <Informatik>
Prozess <Physik>
Multiplikation
Datenmanagement
Implementierung
Kartesische Koordinaten
Computeranimation
Physikalisches System
Algorithmus
Datenmanagement
Netzbetriebssystem
Computersicherheit
Maßerweiterung
Operations Research
Bildgebendes Verfahren
Gerade
Lineares Funktional
Algorithmus
Namensraum
Schlüsselverwaltung
Prozess <Informatik>
Computersicherheit
Kryptologie
Funktion <Mathematik>
ATM
Projektive Ebene
Verzeichnisdienst
Kernel <Informatik>
Kontrollstruktur
Verbindungsschicht
Programmverifikation
Nummerung
Marketinginformationssystem
Whiteboard
Computeranimation
Physikalisches System
Chiffrierung
Informationsmodellierung
Elektronische Unterschrift
Fächer <Mathematik>
Kryptologie
Datennetz
Code
Computersicherheit
Hybridrechner
Hardware
Modul
Tabelle <Informatik>
Netzwerkschicht
IPSec
Computersicherheit
Kryptologie
Programmverifikation
Nummerung
Digitalfilter
Physikalisches System
Binder <Informatik>
Elektronische Unterschrift
Modul
Konfiguration <Informatik>
Framework <Informatik>
Projektive Ebene
Mini-Disc
Tabelle <Informatik>
Kernel <Informatik>
Bit
Punkt
Quader
Extrempunkt
Computeranimation
Internetworking
Modul <Datentyp>
Datennetz
Computersicherheit
Inverser Limes
Punkt
Maßerweiterung
Implementierung
Umwandlungsenthalpie
Interpretierer
IPSec
Computersicherheit
Physikalisches System
Mapping <Computergraphik>
Kritischer Punkt
Zugriffskontrolle
Forcing
Framework <Informatik>
Mereologie
Normalvektor
Objekt <Kategorie>
Subtraktion
Momentenproblem
Invarianz
Computersicherheit
Implementierung
Mechanismus-Design-Theorie
Computeranimation
Physikalisches System
Zugriffskontrolle
Einheit <Mathematik>
Regelkreis
Computersicherheit
Gruppoid
Information
Speicher <Informatik>
Level-Set-Methode
Modul
Objekt <Kategorie>
Web Site
Momentenproblem
Adressraum
Kolmogorov-Komplexität
Computeranimation
Systemprogrammierung
Physikalisches System
Informationsmodellierung
Bildschirmmaske
Einheit <Mathematik>
Netzbetriebssystem
Endogene Variable
Computersicherheit
Inverser Limes
Dateiverwaltung
Gruppoid
Maßerweiterung
Level-Set-Methode
Modul
Attributierte Grammatik
Nichtlinearer Operator
Architektur <Informatik>
Computersicherheit
Physikalisches System
Modul
Mechanismus-Design-Theorie
Endogene Variable
Objekt <Kategorie>
Codec
Zugriffskontrolle
Digitaltechnik
Mereologie
Attributierte Grammatik
Information
Funktionentheorie
Domain <Netzwerk>
Subtraktion
Prozess <Physik>
Quader
Momentenproblem
Nabel <Mathematik>
Systemverwaltung
Kartesische Koordinaten
Nummerung
Ähnlichkeitsgeometrie
Computeranimation
Übergang
Task
Physikalisches System
Domain-Name
Prognoseverfahren
Gruppe <Mathematik>
Computersicherheit
Optimierung
Verschiebungsoperator
Analysis
Programm
ATM
Gerichtete Menge
Prozess <Informatik>
Computersicherheit
Systemverwaltung
Nummerung
Physikalisches System
Benutzerprofil
Minimalgrad
Verkettung <Informatik>
Kinetische Energie
ATM
URL
Kernel <Informatik>
Rückkopplung
Prozess <Physik>
Sampler <Musikinstrument>
Weg <Topologie>
Natürliche Zahl
Flächentheorie
Sprachsynthese
Information
Computeranimation
Komponente <Software>
Systemprogrammierung
Physikalisches System
Last
Informationsmodellierung
Bildschirmmaske
Prozess <Informatik>
Software
Code
Mustersprache
Computersicherheit
Zusammenhängender Graph
Ordnungsreduktion
Softwareentwickler
Level-Set-Methode
Elektronische Publikation
Digitales Zertifikat
Prozess <Informatik>
Physikalischer Effekt
Computersicherheit
Relativitätstheorie
Firmware
Physikalisches System
Elektronische Publikation
Kontextbezogenes System
Modul
Mechanismus-Design-Theorie
Systemaufruf
Digital-Analog-Umsetzer
System F
Menge
Last
Rechter Winkel
ATM
Grundsätze ordnungsmäßiger Datenverarbeitung
Projektive Ebene
Information
Stapelverarbeitung
Ordnung <Mathematik>
Hash-Algorithmus
Prozess <Physik>
Sampler <Musikinstrument>
Desintegration <Mathematik>
Datenmanagement
Google Chrome
Computeranimation
Komponente <Software>
Physikalisches System
Bildschirmmaske
Datenmanagement
Konsistenz <Informatik>
Arbeitsplatzcomputer
Zusammenhängender Graph
Maßerweiterung
Modul
Soundverarbeitung
Elektronische Publikation
Architektur <Informatik>
Prozess <Informatik>
Kategorie <Mathematik>
Rechenzeit
Computersicherheit
Schlussregel
Physikalisches System
Elektronische Publikation
Partitionsfunktion
Modul
Integral
Minimalgrad
Menge
Mereologie
Hypermedia
Projektive Ebene
Messprozess
p-Block
Resultante
Bit
Momentenproblem
Ortsoperator
Klasse <Mathematik>
t-Test
Mathematische Logik
Analysis
Computeranimation
Eins
Informationsmodellierung
Softwaretest
Netzbetriebssystem
Gruppe <Mathematik>
Computersicherheit
Inverser Limes
Optimierung
Grundraum
Analysis
Videospiel
Computersicherheit
Humanoider Roboter
Physikalisches System
Teilbarkeit
Flächeninhalt
Mereologie
Hypermedia
Projektive Ebene
Resultante
Kernel <Informatik>
Bit
Punkt
Momentenproblem
Formale Sprache
Gruppenkeim
t-Test
Information
Computeranimation
Gradient
Homepage
Formale Semantik
Typentheorie
Computersicherheit
Skript <Programm>
Gerade
Einflussgröße
Addition
Lineares Funktional
Nichtlinearer Operator
ATM
Computersicherheit
Zeiger <Informatik>
Bitrate
Variable
Arithmetisches Mittel
Funktion <Mathematik>
Menge
Ganze Zahl
Julia-Menge
Deklarative Programmiersprache
Information
Computerunterstützte Übersetzung
Aggregatzustand
Ortsoperator
Hausdorff-Dimension
Sprachsynthese
Transformation <Mathematik>
Graphikkarte
Whiteboard
Schwach besetzte Matrix
Bildschirmmaske
Ganze Zahl
Datentyp
Operations Research
Speicher <Informatik>
Leck
Schätzwert
Autorisierung
Beobachtungsstudie
Fehlermeldung
Transformation <Mathematik>
Torvalds, Linus
Physikalisches System
Mustervergleich
Quick-Sort
Patch <Software>
Computerarchitektur
Brennen <Datenverarbeitung>
Umwandlungsenthalpie
Kernel <Informatik>
Konfiguration <Informatik>
Plug in
Computersicherheit
Klasse <Mathematik>
Automatische Handlungsplanung
Objektklasse
Statistische Hypothese
Computeranimation
Informationsmodellierung
Umwandlungsenthalpie
Datenstruktur
Code
Unordnung
Mereologie
Mustersprache
Attributierte Grammatik
Compiler
Datenstruktur
Versionsverwaltung
Funktionentheorie
Basisvektor
Kernel <Informatik>
Verklemmung
Information
ROM <Informatik>
Computeranimation
Leck
Informationsmodellierung
Domain-Name
Prozess <Informatik>
Spieltheorie
Adressraum
Datentyp
Leck
Fuzzy-Logik
Binder <Informatik>
Biprodukt
Wiki
Arithmetisches Mittel
System F
Thread
Rechter Winkel
Loop
Festspeicher
Beweistheorie
Projektive Ebene
Information
Lateinisches Quadrat
Aggregatzustand
Kernel <Informatik>
Computersicherheit
Rechenzeit
Physikalisches System
Objektklasse
Information
Computeranimation
Web log
Kernel <Informatik>
Informationsmodellierung
Prognoseverfahren
Gruppe <Mathematik>
Festspeicher
Fokalpunkt
Minimum
Meter
Projektive Ebene
Nichtlineares System
Metropolitan area network
Kernel <Informatik>
Videospiel
Quader
Web log
Computersicherheit
Listenprogrammgenerator
Klasse <Mathematik>
Eindeutigkeit
Varietät <Mathematik>
Objektklasse
Information
Computeranimation
Homepage
Mailing-Liste
Prognoseverfahren
Einheit <Mathematik>
Rechter Winkel
Fokalpunkt
Computersicherheit
Projektive Ebene
Normalvektor
Rechenschieber
Kernel <Informatik>
Bit
Klasse <Mathematik>
Computersicherheit
Projektive Ebene
Ereignishorizont
Level-Set-Methode
Computeranimation
Videokonferenz
Resultante
Distributionstheorie
Bit
Punkt
Prozess <Physik>
Extrempunkt
Compiler
Adressraum
Gruppenkeim
Raum-Zeit
Übergang
Kernel <Informatik>
Homepage
Prognoseverfahren
Prozess <Informatik>
Gruppe <Mathematik>
Lineare Regression
Bildschirmfenster
Dateiverwaltung
Softwaretest
Lineares Funktional
Extremwert
Datennetz
Computersicherheit
Güte der Anpassung
Systemaufruf
Strömungsrichtung
Quellcode
Störungstheorie
Biprodukt
Teilmenge
Dienst <Informatik>
Forcing
Rechter Winkel
Festspeicher
Grundsätze ordnungsmäßiger Datenverarbeitung
Ablöseblase
Programmierumgebung
Smartphone
Aggregatzustand
Instantiierung
Facebook
Quader
Implementierung
Strömungsgleichrichter
Task
Informationsmodellierung
Koroutine
Spyware
Coprozessor
Datenstruktur
Bildgebendes Verfahren
Hilfesystem
Leistung <Physik>
Trennungsaxiom
Beobachtungsstudie
Videospiel
Expertensystem
Spider <Programm>
Relativitätstheorie
Plug in
Physikalisches System
Chipkarte
Objekt <Kategorie>
Druckertreiber
Flächeninhalt
Mereologie
Gamecontroller
Wort <Informatik>
Computeranimation

Metadaten

Formale Metadaten

Titel What's up in the land of the Linux kernel security?
Serientitel FrOSCon 2017
Autor Thakkar, Vaishali
Lizenz CC-Namensnennung 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
DOI 10.5446/32281
Herausgeber Free and Open Source software Conference (FrOSCon) e.V.
Erscheinungsjahr 2017
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract A lot of progress has been made in the Linux kernel security in the last 10 years. Also, there are lot of things we could be doing better, and one could make the case that we have fallen behind the state of the art in a number of areas, including self-protection and hardening. Along with that there has been effort going on to improve the static/dynamic analysis to fix security issues. This talk aims at providing the overview of the work going on in the Linux kernel security including but not limited to secuirty modules, static/dynamic analysis tools, kernel self protection project etc.
Schlagwörter Security

Zugehöriges Material

Folgende Ressource ist Begleitmaterial zum Video
Video wird in der folgenden Ressource zitiert

Ähnliche Filme

Loading...