Internals of Landlock: a new kind of Linux Security Module leveraging eBPF
Information on this media
Number of views: 50
Creation date: July 4, 2018
Speakers: Mickaël Salaün
License: CC BY-SA v4
Description
In this talk we explain the constraints and choices that led to the design of Landlock, a new Linux Security Module (LSM) proposal designed to let unprivileged users enforce their own security policy. Landlock has multiple new properties that can complement those of the current major LSMs (e.g. SELinux). Leveraging the eBPF engine, Landlock can apply multiple access controls and make them evolve over time, enabling developers to manage security policy per application instead of dealing with access-control rules defined for the whole system. We answer questions such as: What are the constraints and good practices for properly extending the Linux kernel? How does Landlock use eBPF with the LSM framework? What restrictions are required to express a security policy safely with a bytecode like eBPF? We also show a new demo highlighting the dynamic aspect of Landlock.
This talk is intended to be a deep dive into some internals of Landlock. For a more general introduction to Landlock, you can take a look at https://landlock.io (FOSDEM 2018).
Mickaël Salaün
Mickaël is a security researcher, software developer and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes (e.g. StemJail) before hacking into the kernel on a new LSM called Landlock. He is currently employed by the French Network and Information Security Agency (ANSSI).