Linux Security Summit Europe 2022: Full Schedule

September 15 - 16, 2022 | Dublin, Ireland + Virtual
View More Details & Registration Information
Note: The schedule is subject to change.

Please note all session times are listed in Irish Standard Time (IST), UTC +1.
To view the schedule at your preferred time, please choose your location on the right-hand navigation panel under ’Timezone.’

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

09:00 IST

Welcome & Opening Remarks - Elena Reshetova, Intel

Speakers

Elena Reshetova

Security architect, Intel

Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests evolve around Linux kernel hardening for the confidential cloud computing.

Thursday September 15, 2022 09:00 - 09:05 IST
Liffey A (Level 1)

Opening Remarks

Speaker Details In Person

09:10 IST

io_uring: So Fast. It's Scary. - Paul Moore, Microsoft

The io_uring subsystem was introduced in Linux v5.1 and provided a new way to do asynchronous I/O on Linux, improving on the existing AIO subsystem. Since then io_uring has been a source of active development, gaining the ability to delegate credentials across process boundaries in Linux v5.6. Unfortunately, all of this happened without engaging the LSM community, and as a result LSM access controls were not added to io_uring until Linux v5.16. This talk will discuss the challenges in adding LSM controls to the io_uring subsystem, thoughts on why the controls lagged the functional development, and what the LSM community might do to help reduce the changes of similar problems in the future.

Speakers

Paul Moore

Principal Software Engineer, Microsoft Corporation

Paul Moore has been involved in various Linux platform security efforts since 2004 at Hewlett-Packard, Red Hat, Cisco, and Microsoft. He currently maintains the Linux Security Module (LSM) layer as well as the SELinux, audit, and labeled networking subsystems in the Linux Kernel... Read More →

2022 lss eu iouring lsm pcmoore r3 pdf

Thursday September 15, 2022 09:10 - 09:55 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details In Person
Presentation Slides Attached Yes

09:55 IST

Morning Break ☕

Thursday September 15, 2022 09:55 - 10:25 IST
Liffey A (Level 1)

Breaks / Networking / Registration

10:25 IST

Flexible Array Transformations and Array-bounds Checking - Gustavo A. R. Silva, The Linux Foundation

Having a dynamically-sized trailing array at the end of a structure is a useful code construct in the Linux kernel. However, the lack of proper bounds-checking on such objects is concerning and worth making an effort to remediate it. This presentation is about the different strategies we, in the Kernel Self-Protection Project, have been following along the last couple of years to transform trailing zero-length and one-element arrays into modern C99 flexible-array members, and the problems we have run into in the process. We will touch on how this work is closely related and helpful to the most recent efforts to hardening key APIs like memcpy() and globally enabling options like -Warray-bounds. We will explain how we've been addressing the particularly challenging one-element array into flexible-array member transformations in UAPI. Also, we'll see how the fact that compilers like GCC have historically treated all trailing arrays, no matter what their size, as flexible-sized arrays, is problematic and causes trouble when it comes to perform proper array-bounds checking on such objects, and how the introduction of a new option like -fstrict-flex-arrays could help.

Speakers

Gustavo A. R. Silva

Upstream Linux Kernel Engineer, The Linux Foundation

Gustavo works full-time as an upstream Linux kernel Engineer, focused on security. Over the last years, he’s been hunting and fixing all sorts of bugs and issues all over the kernel tree. He is an active contributor to the Kernel Self-Protection Project and his work is supported... Read More →

lsseu2022 flex array transformations pdf

Thursday September 15, 2022 10:25 - 11:10 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details In Person
Presentation Slides Attached Yes

11:15 IST

HotBPF - An On-demand and On-the-fly Memory Protection for the Linux Kernel - Yueqi Chen, University of Colorado Boulder & Zhenpeng Li, Northwestern University

Oftentimes there can be a large window between a kernel vulnerability disclosure and its remediation, leaving the system open for exploitation. In this talk, we will present the design of a mechanism that can protect the Linux kernel from memory exploitation during this time window. In addition to this, this protection has the following extra advantages: 1) enabled on-the-fly without recompiling/rebooting the system. 2) independent of hardware features and hypervisor - can be widely deployed in various scenarios (e.g., embedded systems and cloud servers). 3) lightweight - overall 2% - 3% performance overhead. In this talk, we will describe the design and evaluation of this protection. We will start from its static analysis part which identifies vulnerable structures (i.e., where corruption happens) that need separation. Then, we will describe how we extend the eBPF mechanism and virtual memory allocator to isolate vulnerable structures on-the-fly and thus avoid overwriting/overreading sensitive kernel data. Finally, we will systematically evaluate the protection's performance at different levels of granularity and measure its security improvement using a set of real-world attacks.

Speakers

Yueqi Chen

Assistant Professor, University of Colorado Boulder

Yueqi Chen is an Assistant Professor in the Department of Computer Science at the University of Colorado Boulder. He was awarded the IBM Ph.D. Fellowship 2020-2022. In general, his research focuses on system security and software security. He is particularly interested in developing... Read More →

Zhenpeng Li

Ph.D. Student, Northwestern University

Zhenpeng Lin is a Ph.D. student at Northwestern University, advised by Dr. Xinyu Xing. His research focuses on OS exploitation and defense. He loves hacking in the real world. As an exploiter, He has demonstrated many Linux kernel exploitation on Google's products (COS) on KCTF VRP... Read More →

Thursday September 15, 2022 11:15 - 12:00 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details Virtual

13:30 IST

Device Attestation in Hardware TEE based Confidential Computing - Jiewen Yao & Jun Nakajima, Intel

Confidential computing protects data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). One use case is that a TEE virtual machine (VM) may want to transfer the workload to a device for acceleration. In order to maintain the confidentiality of the workload, the VM should perform the device attestation to ensure that the VM is communicating with an authentic device with expected status, such as secure version number and mutable firmware measurement version. This presentation will discuss the device attestation model and how to apply the model to support the device attestation in the TEE VM, including how the VM collects the device identity and evidence information and how the VM verifies the information before accepting the device for offloading the workload.

Speakers

Jiewen Yao

Principal Engineer, Intel

Jiewen Yao is a principal engineer in the Intel Software and Advanced Technology Group. He has been engaged as a firmware developer for over 18 years and working on Intel confidential computing solution. In the industry, he is chairing DMTF SPDM code task force, and being member of... Read More →

Jun Nakajima

Sr. Principal Engineer, Intel Corporation

Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading virtualization and security for open source projects. Jun presented a number of times at technical conferences, including LSS, KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX... Read More →

lss eu22 Device Attestation in Hardware TEE based Confidential Computing pdf

Thursday September 15, 2022 13:30 - 14:15 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details Virtual
Presentation Slides Attached Yes

14:20 IST

AMD SEV-SNP Attestation: Establishing Trust in Guests - Jeremy Powell, Advanced Micro Devices

In a confidential compute environment, the untrusted hypervisor controls the configuration of the platform and the launch of the secure guest. Guests VMs that run in the confidential compute environment constructed by AMD SEV Secure Nested Paging (AMD SEV-SNP) can retrieve a signed document, called an attestation report, that contains measurements and configuration information of both the platform and the guest. Relying parties can use the attestation report to establish trust with the guest before granting access to secrets and sensitive resources to a guest. This talk will explain how attestation works in SEV-SNP, how attestation reports can be securely verified, and how attestation can fit into the Linux guest boot flow.

Speakers

Jeremy Powell

Security Architect, Advanced Micro Devices

Jeremy Powell is a security architect at Advanced Micro Devices working on confidential compute technology where he is responsible for the design of the SNP firmware interface and the lifecycle management of SNP guests. He has worked in security for 12 years with 7 years of focus... Read More →

Thursday September 15, 2022 14:20 - 15:05 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details In Person

15:05 IST

Afternoon Break ☕

Thursday September 15, 2022 15:05 - 15:35 IST
Liffey A (Level 1)

Breaks / Networking / Registration

15:35 IST

Secure and Dynamic Hardware Partitioning Management on Heterogeneous SoC - Zahra Tarkhani, Microsoft Corporation

Heterogeneous SoC architectures enable a wide range of functionalities, notably for modern IoT/edge platforms. Modern SoCs contain heterogeneous CPUs (e.g., a combination of ARM and RISC-V architectures) and peripherals. As a result, the systems stack on such devices includes multiple OSs (e.g., Linux and FreeRTOS), hypervisors, or TEEs (trusted execution environments). Hence secure partitioning and sharing hardware resources within such complex system layers is challenging. Static hardware partitioning at boot time can not satisfy most use cases' security, performance, or compatibility requirements. This talk describes a hardware-assisted dynamic partitioning framework for Linux- and TEE-based heterogeneous architectures. We first summerise state-of-the-art hardware features for fine-grained privilege separation. Then we discuss how our solution modifies the Linux kernel, trusted firmware, and TEE kernel to achieve this goal while resolving various security and functionality challenges.

Speakers

Zahra Tarkhani

Microsoft

Zahra works at Microsoft and her work is focused on systems, security and IoT. Recently, she finished her PhD at the University of Cambridge, where she worked on enhancing hardware-assisted mechanisms in privilege separation, compartmentalization, threat analysis, and attack inve... Read More →

lss eu talk pptx

Thursday September 15, 2022 15:35 - 16:20 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details Virtual
Presentation Slides Attached Yes

16:25 IST

In-Person Attendee BoF Session: To Be Announced

Thursday September 15, 2022 16:25 - 17:10 IST
Liffey A (Level 1)

BoF Sessions

09:00 IST

Welcome Back & Remarks - Elena Reshetova, Intel

Speakers

Elena Reshetova

Security architect, Intel

Friday September 16, 2022 09:00 - 09:05 IST
Liffey A (Level 1)

Opening Remarks

Speaker Details In Person

09:10 IST

Sanitizing the Linux Kernel — On KASAN and other Dynamic Bug-finding Tools - Andrey Konovalov, xairy.io

The go-to tools for detecting bugs in the Linux kernel are the Sanitizers. Most notably — Kernel Address Sanitizer (KASAN). KASAN detects memory safety issues: out-of-bounds and use-after-free bugs in slab, page_alloc, vmalloc, stack, and global memory. The speaker will talk about KASAN's implementation and practical usage and will also briefly cover other Sanitizers.

Speakers

Andrey Konovalov

Security Engineer, xairy.io

Andrey Konovalov is a security engineer focusing on the Linux kernel. Andrey is a contributor to several security-related Linux kernel subsystems and tools: KASAN — a bug detector and a security mitigation, KCOV — a coverage collection subsystem, and syzkaller — a production-grade... Read More →

2022, LSS Europe Sanitizing the Linux Kernel pdf

Friday September 16, 2022 09:10 - 09:55 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details In Person

09:55 IST

Morning Break ☕

Friday September 16, 2022 09:55 - 10:25 IST
Liffey A (Level 1)

Breaks / Networking / Registration

10:25 IST

Finally, a Smack Reference Policy - Casey Schaufler, The Smack Project

The Simplified Mandatory Access Control Kernel (Smack) Linux security module was introduced in 2008 and is currently used in millions of devices. Unlike SELinux and AppArmor, Smack has never been supported by a major Linux distribution. The greatest barriers to distribution support have been that only one "major" security module can be used at a time and that there has been no example of a Smack rule set to use as a basis for a distribution's policy. In this talk Casey Schaufler, the author of Smack, will describe a new effort to create a reference set of Smack rules and apply it to a major Linux distribution. The talk starts with a description of how Smack rules work and how they differ from SELinux and AppArmor policy. It moves on to cover the threats being addressed and how a "three domain" approach provides the required protection. How a distribution to target was chosen is revealed and what steps are taken to keep the scheme flexible enough to be useful elsewhere. The current state of the effort and the identified challenges are presented. Finally, there will be an invitation for additional participation in the project.

Speakers

Casey Schaufler

Founder, The Smack Project

Casey Schaufler founded the Smack project in 2006 after an especially heated debate with the SELinux developers on a topic now long forgotten. He has been developing secure operating systems since the late 1980's, starting the system that became Trusted Solaris and architecting Trusted... Read More →

2022 LSSEU SmackReferencePolicy pdf

Friday September 16, 2022 10:25 - 11:10 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details Virtual
Presentation Slides Attached Yes

11:15 IST

What's New in the User Namespace - Stephane Graber, Canonical Ltd. & Christian Brauner, Microsoft Corp.

The user namespace has grown a lot since its introduction some 9 years ago. However, it is still very far from ubiquitous, even in the modern container space. In this talk, we'll be exploring the current state of things and delve into some of the exciting developments that have recently landed or will be landing very soon. This will cover the very exciting work done on the new VFS API and VFS idmap shifting, now making it very easy to setup containers without having to first mangle their root filesystem. More importantly, also allowing containers relying on shared filesystem layers to be easily run unprivileged. On the security front, we'll be covering the work to better mediate the use of the user namespace, allowing LSMs to decide who can or cannot create a user namespace. As well as the recent addition of IMA namespacing now makes it possible to have an entire system measured and checked, containers included. We'll wrap things up looking ahead for any other major blocker to the adoption of user namespace and the deprecation of much less safe container options.

Speakers

Stephane Graber

Project leader for LXD, Canonical Ltd.

Stéphane Graber is the upstream project leader for LXC and LXD at Canonical and a frequent speaker and track leader at events related to containers and Linux. Stéphane is a longtime contributor to the Ubuntu Linux distribution as an Ubuntu core developer and previous Ubuntu technical... Read More →

Christian Brauner

Principal Software Engineer, Microsoft Corp.

Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Microsoft. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software... Read More →

LSSEU 2022 User namespace pdf

Friday September 16, 2022 11:15 - 12:00 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details In Person
Presentation Slides Attached Yes

13:30 IST

State of Intel SGX in Linux - Jarkko Sakkinen & Roman Volosatovs, Profian Inc

We go through the current state of the Intel SGX support in the Linux kernel and userland. The topics covered include the kernel interface and its features, and available confidential computing run-times supporting SGX. Since getting into the mainline kernel late 2020, the SGX software ecosystem has started to get mature enough for production, and is the only cloud-scale confidential computing technology fully in the mainline kernel so far.

Speakers

Roman Volosatovs

Senior Software Engineer, Profian

Jarkko Sakkinen

Software Engineer, Profian Inc

Linux kernel hacker and software engineer, employed currently by confidential computing company Profian Inc. Co-maintainer in Linux keyring, trusted keys, TPM driver and Intel SGX. Contributor to the Enarx condifential computing platform of which custodian Profian is.

LSS 2022 SGX pdf

Friday September 16, 2022 13:30 - 14:15 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details In Person
Presentation Slides Attached Yes

14:20 IST

Introducing IO Devices into Trusted Execution Environments - Jun Nakajima, Intel Corporation

Confidential computing protects data in use by performing computation in a hardware-based Trusted Execution Environment (TEE) such as Intel SGX or Intel’s upcoming Trust Domain Extensions (Intel TDX). Today, PCIe-attached devices are outside the TEE’s trust boundary and not allowed to read/write confidential memory. This limitation requires TEE VMs to stage the data sent or received from devices in a shared memory buffer accessible to the TEE, IO device and VMM. Further, to protect the confidentiality and integrity of data in the buffer, the data must be encrypted by the sender (either the IO device or TEE VM), transferred to the shared buffer, then decrypted by the receiving entity using software-based encryption/decryption. This process results in additional latency and overhead that negatively impacts application performance. This presentation will focus on security and software changes required to support IO in trusted execution environments. The software requirements for TEE VMs to securely use a device in the Trusted Computing Base with DMA operations against confidential memory using encryption/decryption will be discussed.

Speakers

Jun Nakajima

Sr. Principal Engineer, Intel Corporation

LSS 2022 nakajima pdf

Friday September 16, 2022 14:20 - 15:05 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details Virtual
Presentation Slides Attached Yes

15:05 IST

Afternoon Break ☕

Friday September 16, 2022 15:05 - 15:35 IST
Liffey A (Level 1)

Breaks / Networking / Registration

15:35 IST

Improving Unmodified Classic Application Confinement - John Johansen & Georgia Garcia, Canonical

Canonical uses snap application sand boxing to improve application security. While applications can be rewritten or modified to use portals and other privilege separation there are many applications that need to be run from confinement without modification. This presentation will cover the set of techniques being used and/or experimented with to improve application confinement without over burdening the user. This includes a variety of different techniques from notifying notifying userspace to allow it to provide policy updates and a more nuanced response, application and file tagging, to providing better control over environment variables and dynamic policy composition.

Speakers

John Johansen

Security Engineer, Canonical

John Johansen began working with open source software in the late 80s and began playing with Linux in 93. He completed a masters in mathematics at the University of Waterloo and the began working for Immunix doing compiler hardening, and then AppArmor. After Immunix was acquired by... Read More →

Georgia Garcia

Software Engineer, Canonical

Georgia is a software engineer working doing proactive security at Canonical.

lss eu 2022 pdf

Friday September 16, 2022 15:35 - 16:20 IST
Liffey A (Level 1)

Refereed Presentations

Speaker Details In Person
Presentation Slides Attached Yes

16:25 IST

In-Person Attendee BoF Session: To Be Announced

Friday September 16, 2022 16:25 - 17:10 IST
Liffey A (Level 1)

BoF Sessions