kernel security for 2.8 - kernel summit 2004
DESCRIPTION
"Kernel Security for 2.8", presentation given at the Linux Kernel Summit in Ottawa in 2004. Note that this was when we were still expecting to have versions 2.7/2.8.TRANSCRIPT
Kernel Security for 2.8
Linux Kernel SummitOttawa 2004
James Morris, Red Hat
Current StatusSeveral security features in 2.6:
● LSM● Crypto API (software)● Cryptoloop● dm-crypt● IPSec● SELinux (MAC, RBAC)● NX● Audit Framework● Syscall Auditing
Discussion?
Potential Future Directions (2.7+)● SELinux:
● MLS (multilevel security)● Labeled networking● Integration with resource management● NFSv4 integration
● Virtualization:● Increased isolation● Polyinstantiation
● Hardware Crypto API● Kernel keyring management● More LSM applications?● Continued refinement of Netfilter● Signed modules (2.6?)● Signed binaries● Exec-shield (2.6?)● TPM● LT● Better capabilities (Chris Wright)● Separate out DAC (Chris Wright)