Loading…
Wednesday, August 21 • 4:50pm - 4:55pm
Subsystem Update: LSM Stacking - What You Can Do Now and What's Next - Casey Schaufler, Intel

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Before the 5.1 Linux kernel it was only possible to combine Linux security modules (LSM) that don't use extended security "blobs". With the introduction of infrastructure blob management it is now possible for a limited set of extended system security data to be shared, allowing greater flexibility in security module combination. This talk will describe what data can currently be shared. It moves on to describe plans to expand the blobs that can be shared. Plans for achieving the ultimate goal of complete module stacking wrap up the presentation. Feedback on the plans, and suggestions for alternatives and improvements are solicited.

Speakers
avatar for Casey Schaufler

Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work... Read More →


Wednesday August 21, 2019 4:50pm - 4:55pm
Sapphire D