Linux Security Summit Session Archive
Blogs
1
Posts
1
Posters
54
Views
1
Watching
-
LSS 2025 NA
Playlist
Index
- Welcome + Opening Remarks - James Morris, Microsoft
- Kernel Hardening: Ten Years Deep - Kees Cook, Google
- Lessons Learned While Making an AppArmor Play Machine - Alexandre Pujol, Linagora
- SeaBee: Defense for the Defense - Alan Wandke & Jacob Satterfield, National Security Agency
- Ubuntu Permission Prompting - John Johansen, Canonical
- Bypass Kernel Barriers: Fuzzing Linux Kernel in Userspace With LKL - Xuan Xing & Eugene Rodionov
- Putting Together a Secure Virtualization and Containerization Platform - Stéphane Graber, Zabbly
- Getting on the Same (Virtual Memory) Page: A Roundtable on Data-only Attack Mitigat... Maxwell Bland
- Integrating Confidential Computing Into Cloud Infrastructure: Challenges and Opport... Carlos Bilbao
- Welcome Back + Remarks - James Morris
- The State and Direction of LSM Stacking - Casey Schaufler, The Smack Project
- Binding TDISP & Platform Attestation Reports for Confidential VMs - Anna Trikalinou
- SELinux All the Way Down: Namespaces for SELinux - Stephen Smalley, National Security Agency
- Handling New Syscalls in Seccomp Filters - Tom Hromatka, Oracle Corporate & Paul Moore, Microsoft
- SymBisect: Accurate Bisection for Fuzzer-Exposed Linux Vulnerabilities - Zheng Zhang, Meta
- Layered Attestation of a Cross-Domain System - Perry Alexander, University of Kansas
- eBPF as an Active Security Enforcement Layer Stop DNS Data Breaches : Beyond Pass... Vedang Parasnis
LSS 2025 EU
Playlist
Index
- Welcome + Opening Remarks - Elena Reshetova, Security Architect, Intel
- Linux and CHERI: Back to the Future - Carl Shaw, Codasip
- IMA Update: Lessons Learned from Re-implementing IMA-measurement in User Space - Roberto Sassu
- Prioritizing the Linux OS Hardening and CVE Mitigation - Baoli Zhang, Intel
- Kernel Hardening With Protection Keys - Kevin Brodsky, Arm
- AppArmor Update - John Johansen, Canonical
- SELinux Update - Paul Moore, Microsoft
- Opportunities and Challenges on Merging HW Security Features into Linux Mainline Kernel - Panel
- Welcome Back + Remarks - Elena Reshetova, Security Architect, Intel
- FineIBT Enhanced: Hardening Linux’s Microarchitectural Security on X86 - S. Constable & S. Österlund
- Script Integrity - Mickaël Salaün, Microsoft
- Landlock Config - Mickaël Salaün, Microsoft
- Securing CI/CD Runners Through eBPF - Mert Coskuner, Yahoo & Cenk Kalpakoglu, Kondukto
- Recoverable, Tamper-resistant Full-disk Encryption at the Distributed Edge - Kobus van Schoor
- Hardening the Barebox Bootloader - Ahmad Fatoum, Pengutronix
LSS 2024 NA
Playlist
Index
- Welcome & Opening Remarks - James Morris, Microsoft
- Protecting the Linux Kernel from Confidential Computing Threats... - Carlos Bilbao & Elena Reshetova
- Securing Confidential VMs with COCONUT-SVSM - Jörg Rödel, SUSE
- Mitigating Integer Overflow in C - Kees Cook, Google
- Control Flow Integrity on RISC-V Linux - Deepak Gupta, Rivos Inc
- Linux Virtualization Based Security - Anna Trikalinou, Microsoft Corporation & Thara Gopinath
- Provenance-Aware Integrity Monitoring with Linux Security Identifiers - Fred Araujo & Teryl Taylor
- The Digest_cache LSM - Roberto Sassu, Huawei Technologies Duesseldorf GmbH
- Welcome Back & Check-In - James Morris, Microsoft
- Unprivileged Access Control in AppArmor - John Johansen & Georgia Garcia, Canonical
- Stacked LSMs and User Space - Casey Schaufler, The Smack Project
- Snapshotting IMA Log - Tushar Sugandhi, Microsoft
- Enhancing Kernel Bug Discovery with Large Language Models - Zahra Tarkhani, Microsoft
- A Hybrid Alias Analysis Framework and Its Application to Protecting the Linux Kernel - Guoren Li
- SandBox Mode (SBM) - New Execution Mode Between Kernel and User Space - Petr Tesarik, Self-employed
- Enhancing Systemd Security Using TPM 2.0 - Bill Roberts, ARM
LSS 2024 EU
Playlist
Index
- Welcome & Opening Remarks - Elena Reshetova, Intel
- SLUB Internals for Exploit Developers - Andrey Konovalov, xairy.io
- Enabling Hardware Security Modules for Confidential Computing - Reinhard Buendgen, IBM
- Hiding Attestation with Linux Keyring in Confidential Virtual Machines - Mikko Ylinen, Intel
- Enabling New Security Frontiers: Deep-Dive Into Implementing Confidential Computing on RISC-V - R...
- The Critical Path to Implant Backdoors and Potential Mitigation Techniques: Learnings from XZ...
- Compartmentalizing Vulnerable Kernel Components Without Stopping the Machine - Qinrun Dai
- Systemd & TPMs - Lennart Poettering, Microsoft
- Welcome Back & Remarks - Elena Reshetova, Intel
- Restricting Unprivileged User Namespaces in Ubuntu - John Johansen & Maxime Bélair, Canonical
- Update on Landlock: IOCTL Support - Günther Noack, Google
- LVBS and Advanced Kernel Integrity - Thara Gopinath, Microsoft
- Verifying and Signing EBPF Programs with Inspektor Gadget - Francis Laniel, Microsoft
- Safer Seccomp: Dead Syscalls Elimination - Yuan Tan & Siqi Fan, Lanzhou University; Xiao Liu
LSS 2023 NA
Playlist
Index
- Welcome & Opening Remarks - James Morris, Microsoft
- Verifiable End To End Secure OCI Native Machines - Serge Hallyn & Joy Latten, Cisco
- systemd and TPM2 - Lennart Poettering, Microsoft
- System Calls for the Linux Security Module Infrastructure - Casey Schaufler, The Smack Project
- How to Backdoor the Linux Kernel (and fail?) - Konstantin Ryabitsev, The Linux Foundation
- HotBPF++: A More Powerful Memory Protection for the Linux Kernel - Zicheng Wang & Yueqi Chen
- Controlling Script Execution - Mickaël Salaün, Microsoft
- Welcome Back & Daily Announcements Day 02 - James Morris, Microsoft
- MPK/PKS Linux Kernel Compartmentalization - Sebastian Österlund, Intel
- Enforcing Runtime Integrity with Maat - Jonathan Myers & Andrew Guinn
- Heki: Hypervisor-Enforced Kernel Integrity for Linux with KVM - Mickaël Salaün, Microsoft
- When Confidential Containers Meet Arm CCA - Jia He, Arm China
- Building the Largest Working Set of Apparmor Profiles - Alexandre Pujol, The Collaboratory @TUDublin
- SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for... - Yu Hao
- Welcome Back & Daily Announcements Day 03 - James Morris, Microsoft
- Dynamic Key Managed PowerPC Guest Secure Boot - Sudhakar Kuppusamy & George Wilson
- Progress On Bounds Checking in C and the Linux Kernel - Kees Cook, Google & Gustavo A.R. Silva
- SecurityPerf: A New Open-Source Framework for Benchmarking the Performance... - Austin Gadient
- Coupling Key-Ring and Linux Crypto-API Framework(LCF) via Crypto... - Pankaj Gupta & Varun Sethi
- LSM Maintainers Panel - John Johansen, Mickaël Salaün, Casey Schaufler, Mimi Zohar and Paul Moore
LSS 2023 EU
Playlist
Index
- Welcome & Opening Remarks - Elena Reshetova, Intel
- BPF and Security. Friends and Foes - Alexei Starovoitov, Meta
- Genmai: A Security Vulnerability Detection Framework for Linux Operating..- Gao Tong & Song Chengjin
- Estimating Security Risk Through Repository Mining - Tamas K. Lengyel, Intel
- A PKCS #11 Signing Provider for OpenSSL - Reinhard Buendgen, IBM
- Enabling Hardware-Assisted Shields for Linux Security Subsystems - Zahra Tarkhani, Microsoft
- OP-TEE: Using the ARM Trust-Zone to Control Tamper Resistant Processors - Jorge Ramirez-Ortiz
- Welcome Back & Check-In - Elena Reshetova, Intel
- Hardware-backed Per-process Secrets - Matthew Garrett, Aurora
- Blueprint for Secure Boot and Data Integrity Using rustBoot... - Ulrich Matejek & Philipp Ahmann
- LSM Updates: IMA, SELinux, AppArmor, SMACK &...- Roberto Sassu, Paul Moore, John Johansen & KP Singh
- Update on Landlock: Audit, Debugging and Metrics - Mickaël Salaün, Microsoft
- Landlock Workshop: Sandboxing Application for Fun and Protection - Mickaël Salaün, Microsoft
LSS 2022 NA
Playlist
Index
- Welcome & Opening Remarks- James Morris & Meaningful Bounds Checking in the Linux Kernel- Kees Cook
- Improving Container Security with System Call Interception
- Hardening the Linux Guest for the Confidential Cloud Computing: Deep Dive and Results
- Namespacing the Linux Integrity Measurement Architecture
- How Can We Effectively Test Transient Execution Mitigations? - Russell Currey, IBM
- Wide-Block Cipher Support and HCTR2 - Nathan Huckleberry, Google
- Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software
- Welcome Back & Remarks & Code Aware Services in the Service of Vulnerability Detection
- Cascade - A New High Level SELinux Policy Language - Daniel Burgener, Microsoft
- PowerVM Platform Keystore - Securing Linux Credentials Locally - Nayna Jain, IBM
- IMA Policy Support for fs-verity: A Win-win for IMA & fs-verity - Mimi Zohar, IBM
- Establishing Trust in Linux Keyrings - Is Trust Built-in, Imputed, or Transitive?
- Update on Landlock: Lifting the File Reparenting Limits and Supporting Network Rules
- BPF LSM - Updates and What next? - KP Singh, Google
LSS 2022 EU
Playlist
Index
- Welcome & Opening Remarks - Elena Reshetova, Intel
- io_uring: So Fast. It's Scary. - Paul Moore, Microsoft
- Flexible Array Transformations and Array-bounds Checking - Gustavo A. R. Silva, The Linux Foundation
- HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Ker... Yueqi Chen & Zhenpeng Li
- Device Attestation in Hardware TEE based Confidential Computing - Jiewen Yao & Jun Nakajima, Intel
- AMD SEV-SNP Attestation: Establishing Trust in Guests - Jeremy Powell, Advanced Micro Devices
- Secure and Dynamic Hardware Partitioning Management on Heterogeneous SoC - Zahra Tarkhani, Microsoft
- Welcome Back & Remarks - Elena Reshetova, Intel
- Sanitizing the Linux Kernel — On KASAN and other Dynamic Bug-finding Tools - Andrey Konovalov
- Finally, a Smack Reference Policy - Casey Schaufler, The Smack Project
- What's New in the User Namespace - Stephane Graber, Canonical Ltd. & Christian Brauner, Microsoft
- State of Intel SGX in Linux - Jarkko Sakkinen & Roman Volosatovs, Profian Inc
- Introducing IO Devices into Trusted Execution Environments - Jun Nakajima, Intel Corporation
- Improving Unmodified Classic Application Confinement - John Johansen & Georgia Garcia, Canonical
LSS 2021 NA
Playlist
Index
- Welcome & Opening Remarks - James Morris
- SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs - Xiaochen Zou
- Hardening the Linux Guest for the Confidential Cloud Computing - Elena Reshetova, Intel
- Deep Dive into Landlock Internals - Mickaël Salaün, Microsoft
- Hardware-Assisted Fine-Grained Control-Flow Integrity: Adding Lasers to Intel's CET/IBT
- AMD SEV-SNP Development Update - David Kaplan, Advanced Micro Devices & Brijesh Singh, SMTS
- Device Mapper Target Measurements for Remote Attestation using IMA
- Kernel Self-Protection Project - Kees Cook, Google
- Securing TPM Secrets in the Datacenter - Paul Moore, Microsoft & Joy Latten, Cisco
- Welcome Back and Remarks - Day 2 - James Morris
- Subsystem Update: Linux Integrity Status Update - Mimi Zohar, IBM
- Patatt: End-to-end Patch Cryptographic Attestation for Patches - Konstantin Ryabitsev
- The Future of Code Integrity Enforcement: Extending IMA - Fan Wu, Microsoft
- Where do Security and Safety Meet? - Elana Copperman, Mobileye/Intel
- Triaging Kernel Out-Of-Bounds Write Vulnerabilities - Weiteng Chen
- /dev/random - A New Approach - Stephan Mueller, atsec information security GmbH
- Fuzzing Linux with Xen - Tamas K Lengyel, Intel
- Abstracting TEE Silicon Implementations with Shims - Nathaniel McCallum & Harald Hoyer, Profian
- Welcome Back and Remarks - Day 3 - James Morris
- Mitigating Linux Kernel Memory Corruptions with ARM Memory Tagging - Andrey Konovalov, xairy.io
- All the Things You Can Do with ARMv8 Virtualization - Janne Karhunen & Jani Hyvönen, Digital 14
- Finding Multiple Bug Effects for More Precise Exploitability Estimation - Zhenpeng Lin & Yueqi Chen,
- Live Migration Architecture for Intel TDX-based Confidential VMs - Ravi Sahita & Jun Nakajima, Intel
- CVEHound: Audit Kernel Sources for Missing CVE Fixes - Denis Efremov, Oracle
- Analysing & Improving the Security Properties of Secret Memory - James Bottomley & Mike Rappoport
- IPE Namespaces - Targeted Enforcement of CI - Deven Bowers, Microsoft
- Closing Remarks - James Morris
LSS 2021 EU
Playlist
Index
- Opening Remarks - James Morris, Kernel Developer, Microsoft
- 10 Years of Linux Security - A Report Card - Bradley Spengler, Open Source Security, Inc.
- Automatically Securing Linux Application Containers in Untrusted Clouds
- Control Flow Integrity in the Linux Kernel - Kees Cook, Google
- Encrypting Memory at Scale - Derek Chamorro & Brian Bassett, Cloudflare
- Integrity Policy Enforcement: Full System Integrity Verification - Deven Bowers, Microsoft
- Panel Discussion: What is Lacking in Linux Security and What Are or Should We be Doing about This
- Panel Discussion: What is Lacking in Linux Security and What Are or Should We be Doing about This
- SELint - An SELinux Policy Static Analysis Tool - Daniel Burgener, Microsoft
LSS 2020 NA
Playlist
Index
- Opening Remarks - James Morris, Kernel Developer, Microsoft
- 10 Years of Linux Security - A Report Card - Bradley Spengler, Open Source Security, Inc.
- Automatically Securing Linux Application Containers in Untrusted Clouds
- Control Flow Integrity in the Linux Kernel - Kees Cook, Google
- Encrypting Memory at Scale - Derek Chamorro & Brian Bassett, Cloudflare
- Integrity Policy Enforcement: Full System Integrity Verification - Deven Bowers, Microsoft
- Panel Discussion: What is Lacking in Linux Security and What Are or Should We be Doing about This
- Panel Discussion: What is Lacking in Linux Security and What Are or Should We be Doing about This
- SELint - An SELinux Policy Static Analysis Tool - Daniel Burgener, Microsoft
LSS 2020 EU
Playlist
Index
- Architectural Extensions for Hardware VM Isolation to Advance Confidential Computing in Public Cloud
- Block Me if You Can: Subverting IMA - Tobias Mueller, University of Hamburg
- Bypassing Many Kernel Protections Using Elastic Objects - Yueqi Chen & Zhepeng Lin, Ph.D. Students
- Container Runtime Support for SGX and TEE Environment - Isaku Yamahata, Intel Corporation
- Introducing TPM NV Storage with E/A Policies and TSS-FAPI - Andreas Fuchs, Fraunhofer SIT
- Kernel Integrity Enforcement with HLAT In a Virtual Machine - Chao Gao, Intel Corporation
- Network File System Security Overview: Securing SMB3 - Steven French, Microsoft
- Opening Remarks - Elena Reshetova, Security Engineer, Intel Corporation
- Overview of the Crypto-engine Improvements - Iuliana Prodan, NXP Semiconductors
- State of the User Namespace - Stephane Graber & Christian Brauner, Canonical
- TBOOT and Secure Boot coexistence to launch OS even more securely. - Łukasz Hawryłko, Intel
LSS 2019 NA
Playlist
Index
- Infoflow LSM - Roberto Sassu, Cyber Security and Privacy Lab (CSPL)
- Subsystem Update: The 2019 Smack Update - Casey Schaufler, Intel
- Subsystem Update: LSM Stacking - What You Can Do Now and What's Next - Casey Schaufler, Intel
- Tutorial: The Why and How of libseccomp - Tom Hromatka, Oracle & Paul Moore, Cisco
- Subsystem Update: Linux Integrity Status Update - Mimi Zohar, IBM
- Subsystem Update: Seccomp, Yama, and LoadPin - Kees Cook, Google
- Tutorial: Complete Platform Attestation: Remotely Verifying the... Monty Wiseman & Avani Dave
- Subsystem Update: tpm2-Software Update and Highlights - Philip Tricca, Intel
- Subsystem Update: AppArmor Update 2019 - John Johansen, Canonical
- Securing TPM Secrets with TXT and Kernel Signatures - Paul Moore, Cisco
- Subsystem Update: State of SELinux, 2019 - Paul Moore, Cisco
- Integrity Measurements and the Cruel World - Janne Karhunen, Dark Matter LLC
- Binary Policy with IMA and AppArmor - Eric Chiang, Google
- Breaking and Protecting Linux Kernel Stack - Elena Reshetova, Intel
- Using and Implementing Keyring Restrictions for Userspace - Mat Martineau, Intel
- Writing Linux Kernel Modules in Safe Rust - Geoffrey Thomas & Alex Gaynor
- It's Coming From Inside the House: Kernelspace Fault Injection with KRF - William Woodruff
- Kernel Runtime Security Instrumentation - KP Singh, Google
- Rich Authorization in a Resource Constrained Device - Kenneth Goldman, IBM
- Making Remote Attestation Useful on Linux - Brandon Weeks & Matthew Garrett, Google
- Making Containers Safer - Stéphane Graber & Christian Brauner, Canonical Ltd.
- Kernel Self-Protection Project - Kees Cook, Google
- Application Whitelisting - Steven Grubb, Red Hat
- NFS Support for the Linux Integrity Measurement Architecture - Chuck Lever, Oracle Corporation
- TrenchBoot - How to Nicely Boot System with Intel TXT and AMD SVM - Daniel Kiper & Daniel Smith
- Tutorial: How to Write a Linux Security Module - Casey Schaufler, Intel
- Keynote: Retrospective: 26 Years of Flexible MAC - Stephen Smalley, National Security Agency
- Enarx - Attested, Secured Execution with AMD’s SEV - Nathaniel McCallum & David Kaplan
- Welcome & Opening Remarks - James Morris, Microsoft
LSS 2019 EU
Playlist
Index
- Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019 - Tong Lin & Luhai Chen, Intel
- Exploiting Race Conditions Using the Scheduler - Jann Horn, Google
- Dealing with Uninitialized Memory in the Kernel - Alexander Potapenko, Google
- A New Proposal for Protecting Kernel Data Memory - Igor Stoppa, Huawei
- Tracing: The Bane of You Security Folks - Steven Rostedt, VMware Inc
- Kernel Runtime Security Instrumentation - KP Singh, Google
- CRIU and SELinux - Adrian Reber, Red Hat
- Using a Different LSM from the Host in a Container - John Johansen, Canonical
- Tutorial: Using Linux Primitives to Build Your Own Containers - Stéphane Graber & Christian Brauner
- The Linux Crypto API - Ard Biesheuvel, ARM Ltd.
- OpenPOWER: Host OS (Linux Kernel) Secure Boot Key Management - Nayna Jain, IBM
- Keylime - An Open Source TPM Project for Remote Trust. - Luke Hinds, Red Hat
- Securing TPM Secrets with TXT and Kernel Signatures - Paul Moore, Cisco
- LSM Stacking - What You Can Do Now and What's Next - Casey Schaufler, Intel
- Upcoming x86 Technologies for Malicious Hypervisor Protection - David Kaplan, AMD
- Zephyr Project Security Status - David Brown, Linaro
- Address Spaces for Namespaces - Mike Rapoport, IBM
- BoF: Simple Remote Attestation with Secure & Attested Communication Channels - Roberto Sassu, Huawei
LSS 2018 NA
Playlist
Index
- Making C Less Dangerous - Kees Cook, Google
- Security in Zephyr and Fuchsia - Stephen Smalley & James Carter, National Security Agency
- Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux Foundation
- STACKLEAK: A Long Way to the Linux Kernel Mainline - Alexander Popov, Positive Technologies
- Syzbot and the Tale of Thousand Kernel Bugs - Dmitry Vyukov, Google
- Azure Sphere: Fitting Linux Security in 4 MiB of RAM - Ryan Fairfax, Microsoft
- The Future of Security is in Open Silicon - Joel Wittenauer, Rambus Security, Cryptography Research
- Opening Remarks - James Morris, Microsoft
- Sub-system Update: State of SELinux - Paul Moore, Red Hat
- fs-verity: Native File-based Authenticity - Michael Halcrow & Eric Biggers, Google
- Sub-system Update: Kernel Self-Protection Project - Kees Cook, Google
- Open System Firmware Projects - Elaine Palmer, IBM Research
- Getting Started with the TPM2 Software Stack (TSS2) - Philip Tricca, Intel
- Year in Review: Android Kernel Security - Jeff Vander Stoep & Sami Tolvanen, Google
- Updating Linux with TUX: Trust Update for Linux Kernel - Suhho Lee & Hyunik Kim, Dankook University
- Project Cerberus - Bryan Kelly, Microsoft
- Using the TPM NVRAM to Protect Secure Boot Keys in POWER9 OpenPOWER Systems - Claudio de Carvalho
- Sub-system Update: AppArmor Update 2018 - John Johansen, Canonical
- Linux Audit: Moving Beyond Kernel Namespaces to Audit Container IDs - Richard Guy Briggs, Red Hat
- How to Safely Restrict Access to Files in a Programmatic Way with Landlock? - Mickaël Salaün, ANSSI
- Sub-system Update: Linux Integrity Status Update - Mimi Zohar, IBM
- Proactive Software Defense against Side Channel Attacks - Kristen Accardi, Intel
- Security Module Stacks that Don't Fall Over - Casey Schaufler, Intel
- Protected Execution Facility - Guerney D. H. Hunt, IBM Research
- Sub-system Update: Smack Update 2018 - Casey Schaufler, Intel
- Extending OpenPOWER Boot Security to Guests - George Wilson, IBM
- A Canonical Event Log Structure for IMA - David Safford & Monty Wiseman, GE
LSS 2018 EU
Playlist
Index
- Overview and Recent Developments of Keyrings Subsystem - David Howells, Red Hat
- AMD Encrypted Virtualization Update - David Kaplan, AMD
- Overview and Recent Developments: TPM - Jarkko Sakkinen, Intel
- TPM Software Stack - Enabling the TPM2.0 Ecosystem in Linux - Peter Hüwe & Joshua Lock
- Linux Kernel Security Contributions by ANSSI - Yves-Alexis Perez, ANSSI
- Overview and Recent Developments: Kernel Self-Protection Project - Kees Cook, Google
- Does Making the Kernel Harder Make Making the Kernel Harder? - Casey Schaufler, The Smack Project
- Overview and Recent Developments: Namespaces and Capabilities - Christian Brauner, Canonical Ltd.
- Overview of the Linux Kernel Security Subsystem - James Morris, Microsoft
- Kernel Hardening: Protecting the Protection Mechanisms - Igor Stoppa, Huawei
- Overview and Recent Developments: Linux Integrity - Mimi Zohar, IBM
- Tying EVM into LSM Policy - Matthew Garrett, Google
- A Simple Protocol for Remote Attestation of System Integrity - Roberto Sassu
- Using Linux as a Secure Boot Loader for OpenPOWER Servers - Nayna Jain, IBM & Thiago Jung Bauermann
- Overview and Recent Developments: AppArmor - John Johansen, Canonical
- Overview and Recent Developments: Smack - Casey Schaufler, Intel
- Overview and Recent Developments: SELinux - Paul Moore, Cisco
- Security Module Stacks That Don't Fall Over - Casey Schaufler, The Smack Project
- Protected Execution Facility - Guerney D. H. Hunt, IBM Research
- Overview and Recent Developments: seccomp and Small Linux Security Modules - Kees Cook, Google
- Implement Android Tamper-Resistant Secure Storage and Secure it in Virtualization - Bing Zhu, Intel
LSS 2016
Playlist
Index
- Keynote: Inside the Mind of a Coccinelle Programmer by Julia Lawall, Developer of Coccinelle
- The State of Kernel Self Protection Project by Kees Cook, Google
- Towards Measured Boot Out of the Box by Matthew Garrett, CoreOS
- Current State of Kernel Audit and Linux Namespaces, Looking Ahead to Containers
- AMD x86 Memory Encryption Technologies by David Kaplan, AMD
- Securing Filesystem Images for Unprivileged Containers by James Bottomley, IBM
- Minijail: Running Untrusted Programs Safely by Jorge Lucangeli Obes, Google
- On the Way to Safe Containers by Stephane Graber, Canonical
- Smack in 2016 by Casey Schaufler, The Smack Project
- Integrity by Mimi Zohar
- TPM by Jarkko Sakkinen, Intel
- SELinux by Paul Moore
- AppArmor by John Johansen
- Seecomp by Kees Cook, Google
- Design and Implementation of a Security Architecture for Critical Infrastructure
- Android: Protecting the Kernel by Jeffrey Vander Stoep, Google
- Opportunistic Encryption Using IPsec by Paul Wouters, Libreswan IPsec VPN Project
- (Ab)using Linux as a Trusted Bootloader by Eric Richter, IBM
- Integrity Protection and Access Control - Who Do You Trust? by Glenn Wurster, BlackBerry