Security Retrospective of the last year

Cite

openSUSE

Meissner, Marcus

Formal Metadata

Title

Security Retrospective of the last year

Title of Series

openSUSE Conference 2018

Number of Parts

Author

Meissner, Marcus

Contributors

Chaos Computer Club e.V.

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/54550 (DOI)

Publisher

openSUSE

Release Date

2018

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Not just Meltdown and Spectre Last year was a quite busy year on the security front, various big issues happened, so its good to tell what security has done there and is doing for openSUSE and SUSE in general here. The talk will give a brief overview of how the SUSE Security Team works and operates. We will look at the reactive work including statistics, and also look at proactive secure development lifecycle activities. I will also highlight some of the big security issues we faced over the last year. - Stack Clash from mid of 2017. Overview of the problem, what we do for mitigations, and our long way for compiler mitigations. - Meltdown and Spectre As we hoped never to have a StackClash like issue again, CPU sidechannel issues surfaced which needed kernel mitigations begin of January. I will give an overview over what these issues are, and how we mitigated them or are still mitigating them. I will also talk about one of my projects done in the last year: - Full PIE enablement for the distribution and its long road to Factory.