This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe
View analytic
Tuesday, October 4 • 16:50 - 17:40
How To Write A Linux Security Module That Makes Sense For You - Casey Schaufler, The Smack Project

Sign up or log in to save this to your schedule and see who's attending!

The traditional Linux security model traces it's fundamentals to the mini-computers of the 1970's. It makes a lot of sense for a machine without a network connection, shared by a handful of friendly collaborators. Linux security modules (LSM) were introduced to address the needs of high security environments. This talk will teach you what you can do with a Linux security module, and what you can't, the difference between a major module and a minor one. Techniques for implementing access controls on files, IPC and sockets will be covered, as will the underlying mechanisms required to maintain the data needed. The difference between inode based schemes and path name based ones will be made clear. In the end you'll have the tools you need to create a module that protects what you care about instead of what seemed like a good idea to a government researcher during the Cold War.


Casey Schaufler

Engineer, The Smack Project
Casey Schaufler started programming Unix kernels at the end of the 1970's, when megabytes were for disc drives and C was still written in K&R style. He started working on system security in the Orange Book era, contributing to SunOS/MLS, Trusted Irix and the POSIX P1003.1e/2c drafts. During this time he implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and more audit... Read More →

Tuesday October 4, 2016 16:50 - 17:40
Hugos South

Attendees (19)