June 23 - 24, 2022 | Austin, Texas + Virtual

Please note all session times are listed in Central Daylight Time (CDT), UTC -5.
Thursday, June 23
 

8:00am CDT

9:00am CDT

Welcome & Opening Remarks - James Morris
Speakers

James Morris

Linux Kernel & Security Manager, Microsoft
James is the maintainer of the Linux security subsystem, and engineering manager at Microsoft.


Thursday June 23, 2022 9:00am - 9:05am CDT
402/403

9:05am CDT

Meaningful Bounds Checking in the Linux Kernel - Kees Cook, Google
Like all C code, the Linux Kernel regularly suffers from buffer overflow flaws. While stack overflows have been largely addressed, heap overflows remain common. Especially frustrating is that the compiler usually has enough context to have been able to stop the overflow but C APIs are so terrible that it doesn't happen. We'll take a quick look through the last 3 years of heap buffer overflow CVEs in the kernel, which shows that all 11 memcpy overflows from this timespan (which includes the BleedingTooth exploit), could have been detected and mitigated by the compiler. The limitations of C language standards, APIs, kernel coding conventions, and compiler bugs make this a difficult problem. We will explore the path to solutions being developed in the Linux kernel for dealing with array index overflows, string manipulation overflows, and especially memcpy overflows. We will cover the history of C flexible arrays, the unexpected places where the "-Warray-bounds" and "-fsanitize=bounds" compiler options don't work, the limits of "__builtin_object_size" (the work-horse of FORTIFY_SOURCE), and how memcpy is being effectively replaced to stop overflows from ever happening again.

Speakers

Kees Cook

Kernel Security Software Engineer, Google
Kees Cook has been working with Free Software since 1994, has been a Debian Developer since 2007, and has been a member of the Linux Kernel Technical Advisory Board since 2019. He is currently employed as a Linux kernel security engineer by Google, focusing on upstream kernel security...


Thursday June 23, 2022 9:05am - 9:50am CDT
402/403

9:50am CDT

Improving Container Security with System Call Interception - Stephane Graber, Canonical Ltd. & Christian Brauner, Microsoft
Seccomp system call interception (notify target) has been around since Linux 5.9 and allows for a seccomp policy to stop the execution of a system call, notify userspace about the call and finally return the response provided by the userspace process. It can be tricky to use properly due to potential time of check / time of use issues as well as the need to resolve pointers on some system calls. But when used properly, it allows for very selective interception of actions from a very restricted/unprivileged container by a more privileged monitoring process which can then selectively decide to re-run the call with elevated privileges. This allows for far more workloads to be run in unprivileged containers while retaining the ability to do some of their more privileged tasks. In this talk, we'll be going over the basics of how all of this works as well as the work we've done with system call interception in LXD. LXD currently uses the mechanism to allow some uses of a variety of system calls including "setxattr", "bpf", "mount" and "mknod". One highlight use case is how LXD can intercept some "mount" system calls and transparently replace them with an equivalent FUSE mount.

Speakers

Stephane Graber

Project leader for LXD, Canonical Ltd.
Stéphane Graber is the upstream project leader for LXC and LXD at Canonical and a frequent speaker and track leader at events related to containers and Linux. Stéphane is a longtime contributor to the Ubuntu Linux distribution as an Ubuntu core developer and previous Ubuntu technical...

Christian Brauner

Principal Software Engineer, Microsoft
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Microsoft. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...



Thursday June 23, 2022 9:50am - 10:35am CDT
402/403

10:35am CDT

Morning Break
Thursday June 23, 2022 10:35am - 11:05am CDT
Hallway 402/403

11:05am CDT

Hardening the Linux Guest for the Confidential Cloud Computing: Deep Dive and Results - Elena Reshetova, Intel
Confidential Cloud Computing is a powerful security model where the cloud tenants are not required to trust the SW stack provided by Cloud Service Providers (CSPs). This includes the Virtual Machine Monitor (VMM) that has been an internal part of VM guests' TCB for decades. In recent years CPU vendors are coming forward with the technologies that make it possible to support this changed threat model (AMD SEV, Intel TDX, etc.), but a lot of work also needs to be done on the VM guest SW stack to truly make this setup secure. This talk continues last year’s LSS presentation to give a more technical deep dive on our efforts for hardening the mainline Linux kernel that can be used as a secure VM guest kernel. We will go into details on how we treat individual kernel subsystems and communication mechanisms, how our implemented hardening security mechanisms work, as well as share results from our fuzzing and manual code audit activities. The open source tools and documentation for the project have been published at https://github.com/intel/ccc-linux-guest-hardening

Speakers

Elena Reshetova

Security architect, Intel
Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests revolve around Linux kernel hardening for confidential cloud computing.



Thursday June 23, 2022 11:05am - 11:50am CDT
402/403

11:50am CDT

Namespacing the Linux Integrity Measurement Architecture - Stefan Berger, IBM Corporation & Christian Brauner, Microsoft
This presentation will discuss our work on namespacing the Linux Integrity Measurement Architecture (IMA). We will talk about the use cases and benefits of IMA namespacing support for Linux containers and explore the details of the proposed architecture, its current implementation, and staging requirements for upstreaming the code. Further, we will go into details of the challenges of this work as well as the extensions of other parts of Linux that it requires. We will also touch upon the implementation of a specialized test suite providing testing coverage of the various stages of IMA namespacing support. If time permits, we will show a demo of how IMA inside a Linux container works.

Speakers

Stefan Berger

Senior Technical Staff Member, IBM Corporation
Stefan Berger works at IBM Research. His focus is on cloud security, virtualization security, trusted computing and more recently on security for containers. He is actively involved in several open source projects related to Linux virtualization, Linux containers, as well as the Linux...

Christian Brauner

Principal Software Engineer, Microsoft
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Microsoft. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...



Thursday June 23, 2022 11:50am - 12:35pm CDT
402/403

12:35pm CDT

Lunch (Attendees on Own)
Thursday June 23, 2022 12:35pm - 2:00pm CDT

2:00pm CDT

How Can We Effectively Test Transient Execution Mitigations? - Russell Currey, IBM
Since the bombshell of Spectre and Meltdown dropped on the public in January 2018, there's been a steady trickle of new transient execution vulnerabilities over the years - with the recent BHI/Spectre-BHB (CVE-2022-0001 & CVE-2022-0002) as a timely reminder that this exploit class is the gift that keeps on giving. Hardware mitigations have been introduced with new CPU generations, but plenty of mitigations still exist in software, typically flushing various bits of state when switching between privilege boundaries. In the ongoing conflict between security and performance, how can we reliably know that our mitigations are working? We can write tests, but mitigation testing is tricky. Exploits that abuse microarchitectural details are inherently finicky, so making a functional test that you can run everywhere isn't easy. You can instead only test if a mitigation is correctly applied, but that doesn't tell you if it actually works against an attack. In this talk, Russell will discuss pros and cons of different testing methods, detail what's currently being used by the community, and look at how we could potentially do better in the future.

Speakers

Russell Currey

Software Engineer, IBM
Russell Currey is a software engineer at IBM, leading the kernel hardening effort for Linux on Power Systems. Russell primarily works on kernel memory protection features and automated testing of vulnerability mitigations. He also runs the public continuous integration services for...



Thursday June 23, 2022 2:00pm - 2:30pm CDT
402/403
  Short Topics

2:30pm CDT

Wide-Block Cipher Support and HCTR2 - Nathan Huckleberry, Google
For storage encryption, narrow-block ciphers such as AES-XTS are not ideal. They are used anyway because more theoretically sound constructions traditionally had problems that prevented their widespread use. However, if designed and implemented well, wide-block ciphers are better suited for the use case; not only are they more secure, they are also harder to accidentally misuse and are cryptographically cleaner. HCTR2 is a new wide-block encryption mode that is being added to the Linux Crypto API. It is the first such mode supported by Linux that takes advantage of existing cryptography instructions such as AES-NI, and it will allow for more secure storage encryption with minimal performance loss. This talk will cover background on wide-block cipher modes, limitations of narrow-block modes, wide-block cipher support in Linux, the design of HCTR2, and applying HCTR2 to filename encryption in the ext4 and f2fs filesystems.

Speakers

Nathan Huckleberry

Software Engineer, Google
Nathan is a software engineer at Google working on storage encryption for Android. He previously worked on improving clang support in the kernel (compilation speed profiling, clang-tidy, and clang-analyzer in the kernel).


Thursday June 23, 2022 2:30pm - 3:00pm CDT
402/403
  Short Topics

3:00pm CDT

3:30pm CDT

Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software - Christopher Robinson, Intel; Anne Bertucio, Google & Art Manion, Carnegie Mellon University Software Engineering Institute
Open source software (OSS) is incredibly powerful - and while that power is often used for good, it can be weaponized when OSS projects contain software security flaws that attackers can use to compromise those systems, or even the entire software supply chains that those systems are a part of. The Open Source Security Foundation is an open, cross-industry group aimed at improving the security of the open source ecosystem. In this presentation, members of the OpenSSF Vulnerability Disclosure working group will be sharing with open-source maintainers advice on how to handle when researchers disclose vulnerabilities in your project’s codebase - and we’ll also take any questions you have about this often mysterious topic!

Speakers

Art Manion

Vulnerability Analysis Technical Manager, CERT/CC
Art Manion is a Principal Engineer and the Vulnerability Analysis Technical Manager at the CERT Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University. He and his team coordinate complex vulnerability disclosures, perform in-depth technical...

Anne Bertucio

Open Source Programs Office, Sr Manager, Google
Anne leads program development in Google’s Open Source Programs Office (OSPO). The Program Development Team helps teams at Alphabet develop, contribute to, and release open source software with an eye towards strategy, sustainability, and the spirit of the Open Source Definition...

Christopher (CRob) Robinson

Director of Security Communications, Intel
Christopher Robinson (aka CRob) is Director of Security Communications at Intel Product Assurance and Security. CRob is a 42nd level Dungeon Master and a 25th level Securityologist. CRob has been involved in upstream open source security for a decade, and spent 6 years helping lead...


Thursday June 23, 2022 3:30pm - 4:30pm CDT
402/403

4:30pm CDT

In-Person Attendee BoF Session: To Be Announced
This evening's BoF sessions are for in-person attendees.

Thursday June 23, 2022 4:30pm - 5:15pm CDT
402/403
 
Friday, June 24
 

8:00am CDT

9:00am CDT

Welcome Back & Remarks - James Morris
Speakers

James Morris

Linux Kernel & Security Manager, Microsoft
James is the maintainer of the Linux security subsystem, and engineering manager at Microsoft.


Friday June 24, 2022 9:00am - 9:05am CDT
402/403

9:05am CDT

Code Aware Services in the Service of Vulnerability Detection - Bartosz Zator, Samsung R&D Institute Poland
Modern software products have multiple configurations, hundreds of modules and various custom build steps, which makes it difficult to grasp the detailed subset of source code that gets shipped. Ensuring reliability and security of a complex product is even more difficult. We need tools that help engineers navigate through the growing complexity. In this talk we present Code Aware Services (CAS) developed while working on the Android Linux kernel. CAS is a set of tools for extracting information from the build process and the source code. This includes data such as how a particular software image is created or information on functions, types and dependencies across them. CAS makes this data easily accessible to external applications. First, we present CAS components: our low-overhead build tracer kernel module and a clang-based source code processor. We then present examples of real tools built on top of CAS, such as a web-based security code review system, support for structure-aware fuzzing of kernel components or an automated generator of off-target fuzzing harness code. Finally, we discuss possible directions of using CAS for general source code operations, e.g. smart indexing.

Speakers

Bartosz Zator

Head of Mobile Security, Samsung Poland Research Institute
Bartosz Zator is a mobile security manager at Samsung Electronics Poland R&D where he leads a team responsible for security assessment of mobile products software stack. Bartosz spent the last 16 years working on various aspects of mobile development, including Linux kernel development...



Friday June 24, 2022 9:05am - 9:50am CDT
402/403
  Refereed Presentations
  • Session Type Virtual
  • Speaker slides attached Yes

9:50am CDT

Cascade - A New High Level SELinux Policy Language - Daniel Burgener, Microsoft
Cascade is a work in progress new language for writing SELinux policy. It aims to improve usability, particularly targeting a model where core policy abstractions are written by experienced policy developers while application policy is written by application developers with minimal SELinux experience. This talk will describe the goals and design of Cascade, the progress so far, and our plans and goals to move the progress forward in the future.

Speakers

Daniel Burgener

Senior Software Engineer, Microsoft
Daniel has been working with SELinux for the past 10 years, the past 2 at Microsoft. He maintains SELint, a linter for refpolicy style SELinux policy, as well as Cascade, an early proof of concept for a new high level SELinux policy language. He spoke on SELint at LSS 2020.



Friday June 24, 2022 9:50am - 10:35am CDT
402/403

10:35am CDT

Morning Break
Friday June 24, 2022 10:35am - 11:05am CDT
Hallway 402/403

11:05am CDT

PowerVM Platform Keystore - Securing Linux Credentials Locally - Nayna Jain, IBM
Security features like secure boot, disk encryption, and self-encrypting drives require access to asymmetric or symmetric keys at early boot. This implies a need for locally storing keys safely that later can be used by firmware, the bootloader, and the kernel during boot. PowerVM provides an isolated Platform Keystore (PKS) storage mechanism for each virtual machine, with individually managed access controls to store sensitive information securely. We are proposing a new Linux kernel interface to read, write, and modify security-sensitive objects in the PKS. The Linux kernel currently supports platform-specific keystore interfaces like EFI variables and PowerNV secure variables. With growing new requirements to support additional platform-specific interfaces, there is a concern regarding usability because of potentially multiple interfaces for different use cases. However, each platform and feature comes with its own underlying semantics, which have differences. This makes developing a unified interface challenging. This talk discusses PowerVM PKS, the Linux kernel driver for PKS, and the proposed user interface, along with challenges and possibilities of developing a unified interface.

Speakers

Nayna Jain

Software Engineer, IBM
Nayna Jain is currently employed at IBM in Linux Technology Center. Currently, she is driving cryptography optimization and developing key management feature for Linux on POWER. She is also an active Linux kernel developer. Her past experience includes secure and trusted boot development...



Friday June 24, 2022 11:05am - 11:50am CDT
402/403

11:50am CDT

IMA Policy Support for fs-verity: A Win-win for IMA & fs-verity - Mimi Zohar, IBM
The original goals of the Linux Integrity subsystem - detect if files have been accidentally or maliciously altered, both remotely and locally, appraise a file's measurement against a "good" value stored as an extended attribute, and enforce local file integrity - based on a system wide policy have not changed, though new features have been added. One such feature is to verify "good" values stored as appended signatures. IMA support for including fs-verity file digests and signatures in the IMA measurement list, as well as verifying the fs-verity file digest based signatures, provides fs-verity with system wide policy support; and fs-verity closes an existing IMA integrity gap. This is a win-win scenario for fs-verity and IMA. This talk will describe the new fs-verity support, the IMA integrity gap closed by fs-verity, and if time permits other open integrity gaps.

Speakers

Mimi Zohar

Software Engineer, IBM
Mimi Zohar is a member of the Cloud and Systems Security Research group at the IBM T.J. Watson Research Center. Her current interests are in the areas of system security and integrity, a natural progression from prior work in firewall design for perimeter security. She is the linux-integrity...



Friday June 24, 2022 11:50am - 12:20pm CDT
402/403
  Short Topics

12:20pm CDT

Lunch (Attendees on Own)
Friday June 24, 2022 12:20pm - 2:00pm CDT

2:00pm CDT

Establishing Trust in Linux Keyrings - Is Trust Built-in, Imputed, or Transitive? - Elaine Palmer, IBM Research & George Wilson, IBM Linux Technology Center
Keys are used in firmware, in the Linux kernel, and in user space. They are used to sign, verify, and encrypt other keys, code, and data. They come from multiple authorities, and those used in the kernel are typically embedded in the kernel image at kernel build time. Problems arise, however, when authorities and trust relationships are unknown at build time, because it is difficult to dynamically establish trust later. Dynamically loaded keys can derive their trust from firmware (imputed trust) or from a chain of certificates linked back to a trusted root (transitive trust). In Linux, keys are loaded onto keyrings. These keyrings define trust domains (e.g., I trust keys built-in by the distro, but not others), scope (e.g., OK in user space, but not in the kernel), and key usage constraints (e.g., OK for verifying keys, but not code). Additionally, keyrings can support different threat models (e.g., OK in laptops, but not in locked down servers). This talk will review some of the kernel keyrings currently in use, how they are used, restrictions and constraints placed upon them, and how trust can be evaluated.

Speakers

Elaine Palmer

Senior Technical Staff Member, IBM Research
Elaine Palmer is a Senior Technical Staff Member at the Thomas J. Watson Research Center, Yorktown Heights, NY, and a member of the IBM Academy of Technology. Her current interests are in extending principles of secure boot, measured boot, and attestation to subsystems of high availability...

George Wilson

Security Architect and Development Team Lead, IBM's Linux Technology Center
George Wilson is a security architect and development team lead in IBM's Linux Technology Center. Since joining the LTC in 2004, he has led IBM's Linux security certification activities and development of open source security technology including key management, Trusted Computing...



Friday June 24, 2022 2:00pm - 2:30pm CDT
402/403
  Short Topics

2:35pm CDT

Update on Landlock: Lifting the File Reparenting Limits and Supporting Network Rules - Mickaël Salaün, Microsoft
Landlock is available in mainline since 2021, but with some limitations due to incremental development. One of the most annoying limitations, especially for generic containers, is the inability to change the parent directory of a file, e.g. with rename(2) or link(2). In a first part, I'll explain what the related challenges were and how we can now use the new LANDLOCK_ACCESS_FS_REFER right to allow renaming and linking without risking bypassing the security policy. File system access control is required to protect data, but network access control is also very important. In a second part, I'll talk about the upcoming network access control support that will make it possible to create simple app-centric or container firewalls.

Speakers

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a security researcher and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now...



Friday June 24, 2022 2:35pm - 3:05pm CDT
402/403
  Short Topics

3:10pm CDT

BPF LSM - Updates and What next? - KP Singh, Google
* Provide an update on the BPF LSM and how it's being used (at Google and in the broader community). Some examples and case studies of the telemetry and policies that can be built with the BPF LSM.
* Share some of the new features that have been built since BPF LSM was introduced and how they are being used (e.g. BPF atomics, local storage blobs).
* Discuss what are the next things that need to happen for the BPF LSM and some ideas of new BPF helpers to help build even more advanced security policies.
* What are some of the challenges and ideate on addressing them.

Speakers

KP Singh

Staff Software Engineer, Google
KP Singh is the author and maintainer of the mainline eBPF LSM (a.k.a KRSI) for flexible security audit and policy enforcement on Linux. At Google, he leads the effort to build telemetry and detection software deployed on Google's corp, prod and cloud endpoints spanning different...


Friday June 24, 2022 3:10pm - 3:40pm CDT
402/403
  Short Topics

3:40pm CDT

4:10pm CDT

BoF Session: To Be Announced
Friday June 24, 2022 4:10pm - 4:55pm CDT
402/403
 