LinuxCon Europe + CloudOpen Europe has ended
Back To Schedule
Monday, October 21 • 4:50pm - 5:40pm
Integrity Protection Solutions in Linux - Dmitry Kasatkin, Samsung Electronics

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Runtime system integrity is protected by access control mechanisms. The Linux kernel provides Discretionary Access Control (DAC) and several Mandatory Access Control modules, such as SELinux, SMACK, Tomoyo, AppArmor. All of these assume trustworthiness of the access control related data. Integrity protection is required to ensure that offline modification of such data will not remain undetected. This presentation will summarize and compare the different methods, at the different layers, for achieving integrity protection, highlight the benefits and limitations of each method, and show how to use them to build integrity protected system. In particular, it will compare the VFS level Linux kernel Integrity Subsystem, with block-level integrity protection modules, such as dm-integrity and dm-verity.The rest of the talk will focus on recent and future directions of the Integrity Subsystem.


Dmitry Kasatkin

Principal SW Engineer, Huawei
Dmitry Kasatkin has been a Linux user since 1996 and a developer since 2000. His first major open source project was the Affix Bluetooth stack for Linux, which includes kernel space and user space components and was the first Nokia GPL Open Source project. In 2008 Dmitry's focus shifted... Read More →

Monday October 21, 2013 4:50pm - 5:40pm BST

Attendees (0)