Play all

Intro

Why Do You Want To Write A Linux Security Module? We already have terrific security

When Is A Linux Security Module The Right Choice? Add access control Things controlled by

Restrictive Controls

When Is A Linux Security Module The Wrong Choice?

What Are The Alternatives?

Security Module Don'ts

What Do You Want To Protect?

What Do You Want To Protect it From?

The Hooks And Blobs Of A Linux Security Module

Access Control Hooks

Hooks Are Bail On Fail

State Maintenance Hooks

Access Hook Return values

Infrastructure Managed Security Blobs

Module Details

Setting Blob Sizes

The Blob, the Secid and the Secctx

Lifecycle Management Of A secctx

Credentials

Tasks

proc//attr

Object Based Hooks

Inodes

Traditional File Security Attributes

Extended Attributes

IPC objects and Keys

CONFIG_SECURITY_PATH

Aliases

Symlinks

Hardlinks

Mounts

Mount Namespaces

Network Hooks

Network Labels - Secmark

Network Labels - NetLabel

Description:

Explore the fundamentals of creating a Linux Security Module (LSM) in this comprehensive tutorial led by Casey Schaufler from Intel, joined by experts Paul Moore and John Johansen. Learn when to implement an LSM, its capabilities and limitations, and alternatives such as mainline changes and namespaces. Dive into security module data management conventions, filesystem, process, networking, and audit interfaces. Gain insights on proper implementation techniques for upstream acceptance, understanding LSM infrastructure, and mastering essential concepts like hooks, blobs, and access control. Cover topics including security attribute management, credential handling, task management, object-based hooks, and network security labels. Acquire the knowledge needed to enhance Linux kernel security through expert guidance in this 95-minute session.

How to Write a Linux Security Module

Linux Foundation

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Access Control #Computer Science #Operating Systems #Linux Kernel Security