Back To Schedule
Wednesday, August 29 • 11:40am - 12:25pm
Security hardening for distribution kernels - Corey Henderson

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

I will talk about hooking into pre-compiled distribution linux kernels to add security hardening. This allows for certain security frameworks to be used on kernels that are either 1) too old, 2) don't have certain config flags set, or 3) don't use non-mainline security patches. The primary example I'll be discussing is my implementation of "Trusted Path Execution" as a linux kernel module, the source code of which is here: https://github.com/cormander/tpe-lkm . I may also demo installing AppArmor on a RHEL6 system via a kernel module, if I get the module stable before July.

The audience would be system administrators and developers who manage systems that they can not change the kernel on, or don't want to manage custom kernel builds. This is important because it allows access to kernel hardening to a lot of people who have their hands tied either by policy or lack of experience.


Corey Henderson

Corey has worked with Linux professionally for 10 years, most of which have been focused on security. He writes code mostly in perl, but also knos C pretty well and has been playing in kernel land for the past two years.On-going projects include a TPE linux kernel module, toying with... Read More →

Wednesday August 29, 2012 11:40am - 12:25pm PDT
Harbor Island 3