|
|
Log in / Subscribe / Register

Security Microconf

Security Microconf

Posted Feb 13, 2009 23:55 UTC (Fri) by jamesmrh (guest, #31622)
Parent article: 2009 Linux Plumbers Conference Call For Topics

I think it'd be useful to hold a miniconf on the topic of Linux security integration.

We have a rapidly growing set of security features in Linux, including: Access control (SELinux, SMACK, Tomoyo etc.), Integrity, Crypto, FS Capabilities, Desktop (XACE), Storage (LNFS) and likely soon Anti-malware.

Developers in these areas, along with general developers (e.g. distro integration folk) could get together to discuss issues relating to how these components can be integrated and leveraged. Possible topics might include:

- Utilizing TPM with disk encryption
- Encouraging ISV adoption of security features (v. hard problem)
- Improving the end-user experience
- Best practices for integrating FS caps (etc.) into distros
- Securing the desktop
- WIP updates for major projects in development (e.g. anti-malware).

I wonder if 2.5 hours would be enough, though.

to post comments

Security Microconf

Posted Feb 14, 2009 17:48 UTC (Sat) by niv (guest, #8656) [Link] (1 responses)

If 2.5 hours are not enough - we can probably accommodate somehow (longer sessions? multiple?). Don't let that stop anyone from proposing ideas - our format isn't exactly carved in stone. If you have an suggestion or an estimate for how much time the session might take, feel free to provide that info too.

Security Microconf

Posted Feb 19, 2009 0:58 UTC (Thu) by jamesmrh (guest, #31622) [Link]

I've also had some interest expressed via private email -- it seems we'd easily fill a day for a security microconf. I'd be happy to volunteer as the runner.

Security Microconf

Posted Feb 17, 2009 23:18 UTC (Tue) by pcmoore (subscriber, #37989) [Link]

Let's not forget virtualization security, there are a few things going on in the libvirt space (ACLs, sVirt) that look interesting. I also think there is work to be done to help make the labeled networking bits in the kernel more appealing for non-hardcore users (some friendly tools?), but that may not be a very popular topic (although it remains dear to me <g>).

Regardless, I agree that 2.5 hours would likely be nowhere near long enough for all the topics that would likely fall into a "Security Microconf".

Security Microconf

Posted Apr 16, 2009 12:47 UTC (Thu) by pragmatine (guest, #39557) [Link]

Its interesting to see the focus on 'Securing the desktop', but none of the current access control LSMs in the kernel are really targeted to this - they focus on static, server oriented type policies, whereas the desktop is a much more dynamic environment, and providing a least authority implementation for desktop apps using these existing MAC frameworks seems far too cumbersome - and they do not provide the kind of flexibility that is really needed - perhaps a focus on more desktop oriented frameworks such as PULSE[1, 2] (yes I am pushing my own previous research work) would be good.

[1] http://crpit.com/abstracts/CRPITV81Murray.html
[2] http://sourceforge.net/projects/pulse-lsm/


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds