October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe
Back To Schedule
Tuesday, October 4 • 16:50 - 17:40
How To Write A Linux Security Module That Makes Sense For You - Casey Schaufler, The Smack Project

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The traditional Linux security model traces it's fundamentals to the mini-computers of the 1970's. It makes a lot of sense for a machine without a network connection, shared by a handful of friendly collaborators. Linux security modules (LSM) were introduced to address the needs of high security environments. This talk will teach you what you can do with a Linux security module, and what you can't, the difference between a major module and a minor one. Techniques for implementing access controls on files, IPC and sockets will be covered, as will the underlying mechanisms required to maintain the data needed. The difference between inode based schemes and path name based ones will be made clear. In the end you'll have the tools you need to create a module that protects what you care about instead of what seemed like a good idea to a government researcher during the Cold War.

avatar for Casey Schaufler

Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work... Read More →

Tuesday October 4, 2016 16:50 - 17:40 CEST
Hugos South