Linux Security Summit 2015/Abstracts/Wettstein

From Linux Kernel Security Subsystem
Revision as of 13:47, 1 July 2015 by JamesMorris (talk | contribs) (Created page with "== Title == CC3: An Identity Attested Linux Security Supervisor Architecture == Presenter == Greg Wettstein, IDfusion == Abstract == Ubiquitous global networking and the ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Title

CC3: An Identity Attested Linux Security Supervisor Architecture

Presenter

Greg Wettstein, IDfusion

Abstract

Ubiquitous global networking and the economic incentives of commodity hardware and operating systems have conspired to produce a crisis of unprecedented status in information security. Of particular concern is security for systems controlling infrastructure or containing data, such as healthcare information, where no ex-post-facto redress is available for information disclosure.

Recent compromises suggest classic defensive systems based on intrusion protection and detection technologies are failing, by leaving systems compromised for months before detection. Emerging technologies such as containerization address isolation, but do not address intrinsic system compromise detection.

Integrity measurement architectures (IMA), in combination with dynamic root of trust offer the means to implement compromise detection. The challenge is implementing IMA determinism and platform management, particularly in environments involving thousands of system deployments.

This presentation and paper discuss a Linux security supervisor architecture, under active development and deployment, based on a device identity mutual attestation model which addresses these issues.