Explore a comprehensive conference talk on binary policy implementation using IMA and AppArmor at Google. Dive into the technical aspects of Google's approach to platform security for their vast fleet of developer machines. Learn about novel techniques for providence-based policy on Linux workstations, including targeting IMA signatures and restricting executables from non-Google repositories. Discover the operational challenges of rolling out restrictive policies at scale, and gain insights into binary signing, execution control, and security domain transitions. Examine topics such as Santa, auditing, IMA EVM, extended attributes, keyring restrictions, and process tree complexities. Understand how Google addresses various security concerns, including untrusted vs. trusted executions, script handling, and log event management.