Download as PDF, PPTX
More Related Content
Similar to Linux Security Status on 2017
![Governance, Deployment & Methodologies for Agentic Automation [2/3]](https://cdn.slidesharecdn.com/ss_thumbnails/agenticcommunityseries-day2-251112135038-a386476d-thumbnail.jpg?width=640&height=640&fit=bounds)
Linux Security Status on 2017
- 1. Linux Security 2017status and AppArmor info. Kazuki Omo( 面 和毅 ): [email protected] Secure OSS Sig. : http://www.secureoss.jp
- 2. 2 Who am I? - Security Researcher/Engineer (17 years) - SELinux/MAC Evangelist (12 years) - Antivirus Engineer (3 years) - SIEM Engineer (3 years) - Linux Engineer (17 years)
- 3. 3 Agenda - Current LinuxSecurity Trend - Update for AppArmor
- 4. Current Linux SecurityStatus
- 5. 5 Current Linux SecurityStatus No one is talking about these Anymore!! In Japan OSS env... - How to enforce user to enable SELinux/AppArmor. - Why SELinux is better than AppArmor. - Why you need to enable SELinux/AppArmor….
- 6. 6 Current Typical LinuxSecurity Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- 7.
- 8. 8 ARM Protect against illicitmodification of pointers
- 9.
- 10. 10 AMD Encrypt for trulyseparate each VMs.
- 11. 11 AMD Performance degrade isnegligible.
- 12. 12 AMD Separate HostOS andGuestOS
- 13. 13 TPM2 Support Trusted Boot/ Integrity Mgmt / Log for analyze
- 14. 14 Current Typical LinuxSecurity Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- 15.
- 16.
- 17.
- 18.
- 19. 19 Kernel Self Protection Discussionfor Stack Clash jump Stack Stack guard
- 20. 20 Current Typical LinuxSecurity Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- 21.
- 22. 22 ARM Use Secure bootfor integrity check.
- 23. 23 Google Android: default(hash forintegrity check.)
- 24.
- 25. 25 SE-Android SELinux is “alreadyworking” on Android. Mitigating
- 26. 26 SE-Android Now they arefocusing how to easy to maintain.
- 27. 27 SE-Android Now they arefocusing how to easy to maintain.
- 28. 28 Current Typical LinuxSecurity Projects. - Kernel hardening - Working with ChipSet - MAC, Capability, SecComp. - Userland (Container)
- 29. MAC, Attack SurfaceReducing, etc.
- 30. 30 Access Control Pre: Docker(CentOS) →SELinux Enabled Docker(AppArmor) → AppArmor Enabled Disable SELinux? Disable AppArmor?
- 31. 31 Container A Host OS AccessControl (Stackable LSM) Container B Container C How to Mix them. → Stackable Container/Cloud: Host Env is given by Host-Admin.
- 32. 32 Attack Surface Reducing seccomp Systemcall filtering
- 33.
- 34. 34 AppArmor Updates Stacking LSM/ containers
- 35. 35 AppArmor Updates Policy Namespaces& Stacking
- 36.
- 37. 37 Conclusion - Linux Securityis still growthing. - Not so much information in Japan. - We will keep to watching/spreading/contributing.
- 38.
- 39.