Message-ID: <alpine.LRH.2.21.1711021348230.19623@namei.org>
Date: Thu, 2 Nov 2017 14:47:35 +1100 (AEDT)
From: James Morris <jmorris@...ei.org>
To: oss-security@...ts.openwall.com
Subject: Linux Security Summit 2017 Summary

The 2017 Linux Security Summit (LSS) [1] was held on Sept 14th and 15th in 
Los Angeles, USA.  It was co-located with Open Source Summit North America 
[2] (previously/including LinuxCon) and the Linux Plumbers Conference 
(LPC) [3].

LSS is unique as a security conference as it's dedicated to Linux and Open 
Source, and tends to be focused on defensive security engineering.

This year we had refereed presentations, Linux kernel security subsystem 
updates, and BoF topics.

The schedule is here:
http://events.linuxfoundation.org/events/archive/2017/linux-security-summit/program/schedule

Slides may be found here:
http://events.linuxfoundation.org/events/archive/2017/linux-security-summit/program/slides
(and in some cases by clicking on the session topics).

There was no video this year, unfortunately, and we'll work on making that 
happen for next year.

Also, due to the LPC co-location and schedule overlap, we had no LWN 
coverage of the event.

You can find attendee coverage here:

http://blog.namei.org/2017/10/02/linux-security-summit-2017-roundup/
http://www.paul-moore.com/blog/d/2017/09/linux-security-summit.html
https://tyhicks.com/2017/09/22/2017-Linux-Security-Summit-Day-1/
https://tyhicks.com/2017/09/25/2017-Linux-Security-Summit-Day-2/

There was also a shared day with LPC (on the 13th), where the TPMs and 
containers microconfs were held. See:

https://etherpad.openstack.org/p/LPC2017_TPM
https://etherpad.openstack.org/p/LPC2017_Containers

It was certainly useful to have so many security-interested Linux folk 
there across both conferences, although we will avoid co-locating with LPC 
in the future.  It's also useful to have some time between LPC and LSS for 
ideas raised at one to be developed further and discussed at the other.

For 2018, there will be a new European version of LSS, which will be held 
in addition to the main event in North America.  This will be led by Elena 
Reshetova, a member of the LSS program committee, who proposed the idea as 
there are a lot of Linux and Open Source security folk in Europe who may 
not be able to make it to the US event.  Stay tuned for an official 
announcement soon (all such announcements can be found at @LinuxSecSummit 
on Twitter).

In terms of trends, over the past year, we've seen a lot of activity again 
in kernel hardening via the kernel self protection project, and you can 
see where things are at by looking at Kees' slides:

http://schd.ws/hosted_files/lss2017/aa/LSS-2017-Kernel-Self-Protection-Project.pdf

This work is primarily focused on forward-porting grsecurity/PaX to 
mainline, and I gather this will continue to be the case over the next 1-2 
years.  One of the most significant effects of the project is more 
mainline kernel developers gaining knowledge and skills in security via 
involvement in KSPP.  And culturally, there is also now much greater 
awareness of contemporary security threats and acceptance of the need to 
mitigate them.  Kernel security is hopefully becoming less of a 
specialized niche area, and more open to general kernel developers.

We're also seeing continued activity in TPMs (v2.0 stack development), 
integrity/boot verification, hardware-based mitigations, mobile/device, 
and containers.  There are lots of challenges across these areas, and the 
materials I've linked from LSS and LPC are a good place to start if you're 
interested in where things are at currently.


References:

[1] http://events.linuxfoundation.org/events/archive/2017/linux-security-summit
[2] http://events.linuxfoundation.org/events/open-source-summit-north-america
[3] http://www.linuxplumbersconf.org/2017/




-- 
James Morris
<jmorris@...ei.org>
