Date: Thu, 2 Nov 2017 14:47:35 +1100 (AEDT)
From: James Morris <jmorris@...ei.org>
To: oss-security@...ts.openwall.com
Subject: Linux Security Summit 2017 Summary

The 2017 Linux Security Summit (LSS) was held on Sept 14th and 15th in Los Angeles, USA. It was co-located with Open Source Summit North America (previously/including LinuxCon) and the Linux Plumbers Conference (LPC).

LSS is unique as a security conference as it's dedicated to Linux and Open Source, and tends to be focused on defensive security engineering.

This year we had refereed presentations, Linux kernel security subsystem updates, and BoF topics.

The schedule is here:

http://events.linuxfoundation.org/events/archive/2017/linux-security-summit/program/schedule

Slides may be found here:

http://events.linuxfoundation.org/events/archive/2017/linux-security-summit/program/slides

(and in some cases by clicking on the session topics).

There was no video this year, unfortunately, and we'll work on making that happen for next year. Also, due to the LPC co-location and schedule overlap, we had no LWN coverage of the event.

You can find attendee coverage here:

http://blog.namei.org/2017/10/02/linux-security-summit-2017-roundup/
http://www.paul-moore.com/blog/d/2017/09/linux-security-summit.html
https://tyhicks.com/2017/09/22/2017-Linux-Security-Summit-Day-1/
https://tyhicks.com/2017/09/25/2017-Linux-Security-Summit-Day-2/

There was also a shared day with LPC (on the 13th), where the TPMs and containers microconfs were held. See:

https://etherpad.openstack.org/p/LPC2017_TPM
https://etherpad.openstack.org/p/LPC2017_Containers

It was certainly useful to have so many security-interested Linux folk there across both conferences, although we will avoid co-locating with LPC in the future. It's also useful to have some time between LPC and LSS for ideas raised at one to be developed further and discussed at the other.

For 2018, there will be a new European version of LSS, which will be held in addition to the main event in North America. This will be led by Elena Reshetova, a member of the LSS program committee, who proposed the idea as there are a lot of Linux and Open Source security folk in Europe who may not be able to make it to the US event. Stay tuned for an official announcement soon (all such announcements can be found at @LinuxSecSummit on Twitter).

In terms of trends, over the past year, we've seen a lot of activity again in kernel hardening via the kernel self protection project, and you can see where things are at by looking at Kees' slides:

http://schd.ws/hosted_files/lss2017/aa/LSS-2017-Kernel-Self-Protection-Project.pdf

This work is primarily focused on forward-porting grsecurity/PaX to mainline, and I gather this will continue to be the case over the next 1-2 years. One of the most significant effects of the project is more mainline kernel developers gaining knowledge and skills in security via involvement in KSPP. And culturally, there is also now much greater awareness of contemporary security threats and acceptance of the need to mitigate them. Kernel security is hopefully becoming less of a specialized niche area, and more open to general kernel developers.

We're also seeing continued activity in TPMs (v2.0 stack development), integrity/boot verification, hardware-based mitigations, mobile/device, and containers. There are lots of challenges across these areas, and the materials I've linked from LSS and LPC are a good place to start if you're interested in where things are at currently.

References:

http://events.linuxfoundation.org/events/archive/2017/linux-security-summit
http://events.linuxfoundation.org/events/open-source-summit-north-america
http://www.linuxplumbersconf.org/2017/

--
James Morris <jmorris@...ei.org>