Linux kernel v4.15 was released last week, and there’s a bunch of security things I think are interesting:[…]
https://outflux.net/blog/archives/2018/02/05/security-things-in-linux-v4-15/
Tag Archives: Kees Cook
Kees on Linux 4.14 security enhancements
Kees Cook has a new blog post, talking about new security features in Linux kernel 4.14.
vmapped kernel stack on arm64
set_fs() balance checking
SLUB freelist hardening
setuid-exec stack limitation
randstruct automatic struct selection
structleak passed-by-reference variable initialization
improved boot entropy
eBPF JIT for 32-bit ARM
seccomp improvements
https://outflux.net/blog/archives/2017/11/14/security-things-in-linux-v4-14/
Kees Cook on Linux 4.13 security features
Kees has a new blog post with a list of interesting new security features in the Linux kernel:
https://outflux.net/blog/archives/2017/09/05/security-things-in-linux-v4-13/
Kees on Linux kernel 4.11 security
Here’s a quick summary of some of the interesting security things in this week’s v4.11 release of the Linux kernel:[…]
https://outflux.net/blog/archives/2017/05/02/security-things-in-linux-v4-11/
Cook on status of Linux’s Kernel Self Protection Project
A few days ago at the Linux Security Summit (LSS), Kees Cook of the Chromium project gave a presentation about the current status of the Kernel Self-Protection Project. Slides are available, I’m not sure about any A/V archives.
Status of the Kernel Self Protection Project
Linux Security Summit 2016
https://outflux.net/slides/2016/lss/kspp.pdf
Kernel Self Protection Project
http://www.openwall.com/lists/kernel-hardening/
http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
Linux Security Summit 2015 proceedings available
As part of LinuxCon North America, the Linux Security Summit recently finished, and presentations are now available (I omitted the few talks which had no presentations from below list):
* Keynote: Giant Bags of Mostly Water – Securing your IT Infrastructure by Securing your Team, Konstantin Ryabitsev, Linux Foundation
* CC3: An Identity Attested Linux Security Supervisor Architecture, Greg Wettstein, IDfusion
* SELinux in Android Lollipop and Android M, Stephen Smalley, NSA
* Discussion: Rethinking Audit, Paul Moore, Red Hat
* Assembling Secure OS Images, Elena Reshetova, Intel
* Linux and Mobile Device Encryption, Paul Lawrence, Mike Halcrow, Google
* Discussion: Core Infrastructure Initiative, Emily Ratliff, Linux Foundation
* Security Framework for Constraining Application Privileges, Lukasz Wojciechowski, Samsung
* IMA/EVM: Real Applications for Embedded Networking Systems, Petko Manolov, Konsulko Group, Mark Baushke, Juniper Networks
* Ioctl Command Whitelisting in SELinux, Jeffrey Vander Stoep, Google
* IMA/EVM on Android Device, Dmitry Kasatkin, Huawei Technologies
* Subsystem Update: Smack, Casey Schaufler, Intel
* Subsystem Update: AppArmor, John Johansen, Canonical
* Subsystem Update: Integrity, Mimi Zohar, IBM
* Subsystem Update: SELinux, Paul Moore, Red Hat
* Subsystem Update: Capabilities, Serge Hallyn, Canonical
* Subsystem Update: Seccomp, Kees Cook, Google
* Discussion: LSM Stacking Next Steps, Casey Schaufler, Intel
http://kernsec.org/wiki/index.php/Linux_Security_Summit_2015/Schedule
