This event has ended. Visit the official site or create your own event on Sched.
September 11-14, 2017 - Los Angeles, CA
Click Here For Information & Registration
Back To Schedule
Monday, September 11 • 11:00am - 11:40am
Signing Linux Executables for Fun and Security - Matthew Garrett, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Linux is not free from malware or the threat of targeted attacks, and so there are many circumstances where being able to control which executables may be run on a system is a benefit. But simply restricting a system to run only whitelisted binaries isn't practical - there are multiple legitimate reasons to run custom binaries locally, and the existence of interpreted languages makes things even more complicated.

This presentation will describe the use of Linux's Integrity Measurement Architecture and its support for providing and enforcing binary signatures. It will then describe how this may be integrated with existing security modules to provide a cryptographically enforced policy that allows for fine-grained executable permission levels allowing the creation of a secure Linux environment that still allows local customisation.


Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.

Monday September 11, 2017 11:00am - 11:40am PDT
Gold 1
  LinuxCon Tracks