Linux Security Summit 2015/Abstracts/Reshetova



Assembling Secure OS Images


Elena Reshetova, Intel


With the ongoing explosion of different embedded and mobile devices, both big vendors and small companies are attempting to create their own flavour of Linux-based operating system for these devices to run. Typically these OSes consist of a set of separate packages that have been put together and configured by different scripts running during the image build process. The question that can be raised in this environment is "How much can we tell about the security of the OS image just by analysing its parts at different stages of the build process in an automated fashion?"

There are many existing guides and tutorials for Linux-based systems that attempt to create a checklist of things a system administrator needs to verify to ensure that the OS has certain hardening mechanisms in place, and there are commercial solutions that attempt to analyse the running OS image and determine its security. However, to the author's knowledge, there are no mechanisms available in open source that can analyse security during the image build process and at the same time be easily integrated into build systems, easily extendable, and configurable to reflect the security needs of the organization.

The goal of the talk is to present a new project and initial prototype that attempts to address the gap described above, and to get community feedback in order to determine the future direction of the project.