Linux Plumbers Conference

Security Microconference (Draft, Subject to Change)

I well remember not needing to lock the door as a kid, as well as the anonymous/guest logins on the ARPANET and early Internet. Needless to say, those days are gone forever. Security is now critically important, even for the most obscure computer systems.

The Linux Plumbers Conference is fortunate to have James Morris and Paul Moore as runners for the Security microconference. James and Paul are quite prominent in the Linux security community, James in his role as Linux kernel security subsystem maintainer, and Paul in a number of roles, including leader of the NetLabel network-security subsystem. The Security microconference is a double-length microconference this year, as is fitting given the importance of security in today's world of spammers, botnet controllers, and many other black-hat threats. In the interest of brevity, only four of the ten selections are highlighted below, but please rest assured that the remainder are every bit as interesting and important.

The first two topics recognize the importance of usability, something that has all too often been neglected in the security field. After all, even the best security mechanisms are of no use if users prefer to disable them. To demonstrate how much progress SELinux has made in recent years, Caleb Case will be showing a demo of SELinux on Ubuntu while Dan Walsh showcases a bit of SELinux in Fedora that anyone can use, namely application sandboxes. These demos are important steps towards the goal of effective security measures designed for the typical Linux user. We hope that numerous Linux users will attend these demos so as to promote a vigorous and illuminating discussion.

The next topic takes a look at the Simplified Mandatory Access Control Kernel (Smack) through the eyes of its author, Casey Schaufler. Casey presents a case study in Smack configuration by showing how Smack can be used to provide additional security for a well-known commercial database server. This should help both developers and users understand how to apply these new advanced security mechanisms to their own systems and applications, and will hopefully also start a productive collaboration between developers at all levels of the FOSS stack.

The fourth and final topic, at least for the moment, is the Linux Kernel Crypto API, presented by Herbert Xu. Given that Moore's Law is still providing transistors, but is no longer increasing clock frequencies, we can expect more hardware offload engines, including hardware encryption. The Linux Kernel Crypto API is critically important for timely support of such hardware. In addition, Herbert will describe user-space APIs and how this API might be generalized beyond cryptographic algorithms. Given the need to change cryptographic algorithms as they weaken, either due to newly discovered attacks or due to the inexorable increase in available computing power, we can expect the Linux Kernel Crypto API to have a key role to play in the security arena -- and to require continued refinement as security requirements change over time.

We hope to see you there!!!