Loading…
Attending this event?
September 16-17, 2024 | Vienna, Austria
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (UTC+2). To see the schedule in your preferred timezone, please select from the drop-down at the bottom of the menu to the right.
Simple
Expanded
Grid
By Venue
Refereed Presentations clear filter
arrow_back View All Dates
Tuesday, September 17
 

09:05 CEST

Restricting Unprivileged User Namespaces in Ubuntu - John Johansen & Maxime Bélair, Canonical
Tuesday September 17, 2024 09:05 - 09:50 CEST
Hall L3
A retrospective on the work to restrict unprivileged user namespaces by default in Ubuntu 24.04. This presentation will cover the challenges, problems, and the solutions that Ubuntu choose. It will also take a look at work to address the problems that remain.
Speakers
avatar for John Johansen

John Johansen

Software Engineer, Canonical
John Johansen began working with open source software in the late 80s and began playing with Linux in 93. He completed a masters in mathematics at the University of Waterloo and the began working for Immunix doing compiler hardening, and then AppArmor. After Immunix was acquired by... Read More →
avatar for Maxime Bélair

Maxime Bélair

Security Engineer, PhD, Canonical
Maxime is a security engineer at Canonical. He currently works in the development of AppArmor
Restricting Unprivileged User Namespaces In Ubuntu pdf
Tuesday September 17, 2024 09:05 - 09:50 CEST
Hall L3
  Refereed Presentations
  • Session Slides Attached Yes

09:55 CEST

Update on Landlock: IOCTL Support - Günther Noack, Google
Tuesday September 17, 2024 09:55 - 10:40 CEST
Hall L3
The Landlock security module lets Linux processes restrict what they can do and puts developers in charge of defining appropriate sandboxing policies for their programs. We will give a brief overview over Landlock’s current features, recent developments, and talk about what is next. We will discuss in more detail Landlock’s new support for restricting the use of IOCTL and the design considerations and trade-offs that went into it.
Speakers
avatar for Günther Noack

Günther Noack

Software Engineer, Google
Günther Noack is a software engineer at Google, where he works on security things. He has contributed to Landlock in the kernel since 2022 and maintains the Landlock Go library. In his free time, he enjoys running and swimming.
Update on Landlock IOCTL support pdf
Tuesday September 17, 2024 09:55 - 10:40 CEST
Hall L3
  Refereed Presentations
  • Session Slides Attached Yes

11:10 CEST

LVBS and Advanced Kernel Integrity - Thara Gopinath, Microsoft
Tuesday September 17, 2024 11:10 - 11:55 CEST
Hall L3
Linux Virtualization based Security (LVBS) is a security feature that can a) harden the kernel and b) ensure that critical kernel resources remain untampered, even if the kernel gets compromised. VBS uses hardware virtualization and the hypervisor (Hyper-V) to create an isolated virtual environment that runs as a higher trust level, called Virtual Trust Level 1 (VTL1). In earlier talks on LVBS we explored the fundamentals of having a secure kernel running in VTL1 and how we support basic kernel integrity through LVBS. In this talk we explore how LVBS can be extended to offer advanced kernel integrity features. We examine the status quo in Linux kernel today and the various kernel features that manipulate page tables to inject/modify kernel code. We then discuss how these features can be hardened via LVBS to ensure that authenticity and integrity of the modified/loaded code can be ensured, even if the kernel is compromised. We will also present the status of our work in hardening some of these features. Finally, as future work we also explore hardening of key kernel data structures that are target to attack and present our goals in guarding them against unauthorized modification.
Speakers
avatar for Thara Gopinath

Thara Gopinath

Principal Software Engineering Lead, Microsoft
Thara Gopinath is a Principal Software Engineering Lead at Microsoft. She has been working on various Linux kernel subsystems since 2009 and currently leads the team implementing Linux Virtualization Based Security (LVBS) at Microsoft.
LSSEU24 LVBS pdf
Tuesday September 17, 2024 11:10 - 11:55 CEST
Hall L3
  Refereed Presentations

14:35 CEST

Systemd & TPMs - Lennart Poettering, Microsoft
Tuesday September 17, 2024 14:35 - 15:20 CEST
Hall L3
In this talk I'd like to give an update on what's new in systemd's various TPM related subsystems, such as disk encryption, PCR policy management, measurement APIs, event log and more.
Speakers
avatar for Lennart Poettering

Lennart Poettering

Principal Software Engineer, Microsoft
I work at Microsoft and hack on systemd.
lss2024 pdf
Tuesday September 17, 2024 14:35 - 15:20 CEST
Hall L3
  Refereed Presentations
 
  • Filter By Date
    Sep 15 -17, 2024
  • Filter By Venue
    Vienna, Austria
    All
    Entrance 1
    Foyer L
    Hall L3
  • Filter By Type
    BoF Sessions
    Refereed Presentations
    Registration / Breaks
    Short Topic Presentations
    Welcome Remarks
  • Session Slides Attached
    Yes
  • Timezone
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Sunday, September 15
Monday, September 16
Tuesday, September 17
Entrance 1
Foyer L
Hall L3
  • BoF Sessions
  • Refereed Presentations
  • Registration / Breaks
  • Short Topic Presentations
  • Welcome Remarks
  • Session Slides Attached
  • Yes