|| ||"Paul E. McKenney" <paulmck-AT-linux.vnet.ibm.com> |
|| ||news-AT-lwn.net |
|| ||LPC: Security Microconference |
|| ||Tue, 14 Jul 2009 01:04:38 -0700|
|| ||corbet-AT-lwn.net, jake-AT-lwn.net|
|| ||Article, Thread
I well remember not needing to lock the door as a kid, as well as the
anonymous/guest logins on the ARPANET and early Internet. Needless to
say, those days are gone forever. Security is now critically important,
even for the most obscure computer systems.
The Linux Plumbers Conference is fortunate to have James Morris and Paul
Moore as runners for the Security microconference. James and Paul are
quite prominent in the Linux security community, James in his role as
Linux kernel security subsystem maintainer, and Paul in a number of
roles, including leader of the NetLabel network-security subsystem.
The Security microconference is a double-length microconference this
year, as is fitting given the importance of security in today's world of
spammers, botnet controllers, and many other black-hat threats. In the
interest of brevity, only four of the ten selections are highlighted
below, but please rest assured that the remainder are every bit as
interesting and important, as can be seen at:
The first two topics recognize the importance of usability, something
that has all too often been neglected in the security field. After all,
even the best security mechanisms are of no use if users prefer to
disable them. To demonstrate how much progress SELinux has made in recent
years, Caleb Case will be showing a demo of SELinux on Ubuntu while Dan
Walsh showcases a bit of SELinux in Fedora that anyone can use, namely
application sandboxes. These demos are important steps towards the goal
of effective security measures designed for the typical Linux user.
We hope that numerous Linux users will attend these demos so as to
promote a vigorous and illuminating discussion.
The next topic takes a look at the Simplified Mandatory Access Control
Kernel (Smack) through the eyes of it's author, Casey Schaufler.
Casey presents a case study in Smack configuration by showing how Smack
can be used to provide additional security for a well-known commercial
database server. This should help both developers and users understand
how to apply these new advanced security mechanisms to their own systems
and applications, and will hopefully also start a productive collaboration
between developers at all levels of the FOSS stack.
The fourth and final topic, at least for the moment, is the Linux Kernel
Crypto API, presented by Herbert Xu. Given that Moore's Law is still
providing transistors, but is no longer increasing clock frequencies, we
can expect more hardware offload engines, including hardware encryption.
The Linux Kernel Crypto API is critically important for timely support
of such hardware. In addition, Herbert will describe user-space APIs
and how this API might be generalized beyond cryptographic algorithms.
Given the need to change cryptographic algorithms as they weaken, either
due to newly discovered attacks or due to the inexorable increase in
available computing power, we can expect the Linux Kernel Crypto API to
have a key role to play in the security arena -- and to require continued
refinement as security requirements change over time.
We hope to see you there!!!
to post comments)