The Linux Foundation

Security in Zephyr and Fuchsia - Stephen Smalley & James Carter, National Security Agency Zephyr and Fuchsia are two emerging open source operating systems with very different architectures and approaches to security compared to each other and to Linux. Zephyr is a real-time operating system (RTOS) targeting Internet of Things …

Opening Remarks - James Morris, Microsoft About James Morris Kernel Developer, Microsoft James is the maintainer of the Linux security subsystem, and kernel engineer at Microsoft.

Making C Less Dangerous - Kees Cook, Google With the kernel written in C, it comes with some worrisome baggage, "undefined" behaviors, and other weaknesses that lead to security flaws and vulnerable infrastructure. Some of these weaknesses related to the design of chipsets and how close C is to machine …

STACKLEAK: A Long Way to the Linux Kernel Mainline - Alexander Popov, Positive Technologies STACKLEAK is a Linux kernel security feature initially created by Grsecurity/PaX developers. In May of 2017 Alexander Popov took on the task of introducing STACKLEAK into the Linux kernel mainline. The way to the mainline turned …

Using the TPM NVRAM to Protect Secure Boot Keys in POWER9 OpenPOWER Systems - Claudio Siqueira de Carvalho, IBM In OpenPOWER systems, most firmware code used to boot the platform OS is stored in the processor flash memory (PNOR). Although PNOR is non-volatile memory, it is unprotected. In order to …

Sub-system Update: AppArmor Update 2018 - John Johansen, Canonical This talk provides an update of the current state of the AppArmor project. It will look at new features, and miscellaneous changes developed over the last year, as well as a look at the current work in progress. About John Johansen …

fs-verity: Native File-based Authenticity - Michael Halcrow & Eric Biggers, Google The Android platform uses dm-verity to protect its system image, but there are critical components in that image that require incremental updates. Michael Halcrow and Eric Biggers introduce fs-verity as a mechanism for file systems to validate the authenticity …

Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux Foundation Konstantin Ryabitsev shares his day-to-day experience using QubesOS on his primary workstation and CopperheadOS on his smartphone. What are the impacts of using products promising higher security and higher privacy? How well do Qubes …

How to Safely Restrict Access to Files in a Programmatic Way with Landlock? - Mickaël Salaün, ANSSI Mandatory Access Control is implemented in four major LSMs. They either identify a file with its inode attribute (SELinux and Smack) or with its path (AppArmor and Tomoyo). This techniques share a common …

Keynote: Spectre, Meltdown, & Linux - Greg Kroah-Hartman, Fellow, The Linux Foundation This talk will give a brief overview of the recently announced Meltdown and Spectre security problems that were announced early in 2018. It will cover how the Linux kernel security community addressed these problems, and how all Linux …

Keynote: Simplify Multimodal IT: Bridge Traditional and Software-defined Infrastructure - Alan Clark, Director, CTO Office, SUSE

Keynote: Shaping the Cloud Native Future - Abby Kearns, Executive Director, Cloud Foundry Foundation Cloud Foundry is an integral part of the movement creating interoperability among the open source, cloud-native ecosystem. Complementary, interlocking open source technologies like Cloud Foundry, Kubernetes, and the Open Service Broker API are shifting the way …

Keynote: Alibaba Cloud and Cloud Native - Tao Ma, Principal Engineer, Alibaba Cloud

Keynote: Deep Learning Panel Discussion - Peixin Hou, Huawei; Dr. Feng Junlan, China Mobile Research Institute; and Jim Zemlin, The Linux Foundation

Keynote Panel: Cloud Native - Dan Kohn, Cloud Native Computing Foundation; Junjie Cai, Alibaba Cloud; Anni Lai, Huawei; Todd Moore, IBM; Michelle Noorali, Microsoft; Haifeng Liu, JD.com; Liu Xin, Tencent