Loading…
28 - 29 August | Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (CEST | UTC+2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."
arrow_back View All Dates
Friday, August 29
 

09:00 CEST

Welcome Back + Remarks - Elena Reshetova, Security Architect, Intel
Friday August 29, 2025 09:00 - 09:05 CEST
Speakers
avatar for Elena Reshetova

Elena Reshetova

Security Architect, Intel
Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests evolve around Linux kernel hardening for the confidential cloud computing.
Friday August 29, 2025 09:00 - 09:05 CEST
G102-103

09:05 CEST

FineIBT Enhanced: Hardening Linux’s Microarchitectural Security on X86 - Scott Constable, Intel Labs & Sebastian Österlund, Intel
Friday August 29, 2025 09:05 - 09:50 CEST
Microarchitectural attacks such as Branch History Injection (BHI) can expose kernel data when instructions at a mispredicted indirect call target are executed speculatively with malicious data crafted by the attacker.

FineIBT (Fine-grain Control-flow Enforcement with Indirect Branch Tracking) is a hardening technique adopted by the Linux kernel (first merged in 6.2) that performs a check at each indirect call target to ensure that the target’s type (e.g., void (*)(int)) matches the type of the function pointer that was used to make the call. Although FineIBT can provide substantial defense-in-depth against architectural attacks such as Call-Oriented Programming (COP), its current implementation does not address microarchitectural attacks.

This talk introduces a new enhancement to FineIBT that hardens the Linux kernel against a plethora of microarchitectural attacks—including BHI—by poisoning the contents of live registers whenever the FineIBT check fails, thus preventing an attacker from using those registers to pass malicious data to a mis-predicted call target. This enhancement has been merged into Linux 6.15.
Speakers
avatar for Scott Constable

Scott Constable

Defensive Security Researcher, Intel Labs
Scott Constable is a security researcher at Intel Labs. He received his PhD in computer science from Syracuse University in 2018. Scott has contributed: Load Value Injection mitigations to LLVM/clang (2021); malicious single-step mitigations to the Intel SGX SDK (2023); a transient... Read More →
avatar for Sebastian Österlund

Sebastian Österlund

Offensive Security Researcher, Intel
Sebastian is an Offensive Security Researcher at Intel IPAS STORM, working on Operating Systems security mitigations, microcode static analysis, confidential computing, fuzzing, and more. In the past Sebastian has worked extensively on speculative execution attacks, being one of the... Read More →
Friday August 29, 2025 09:05 - 09:50 CEST
G102-103

09:55 CEST

Script Integrity - Mickaël Salaün, Microsoft
Friday August 29, 2025 09:55 - 10:25 CEST
Starting with Linux 6.14, we will be able to securely control script execution using new execveat(2) and prctl(2) flags, successors to O_MAYEXEC. This marks a crucial step toward fully supporting code integrity on Linux.

The next steps involve enlighting script interpreters and providing users with straightforward ways to incrementally enforce such restrictions. Options include leveraging existing LSM policies and configuring user-space process management services (e.g., systemd).

In this talk, we will explore the kernel changes that were required (e.g., uAPI, IMA, IPE) and the ongoing complementary user-space updates, including script enlightenment. We will also explain the rationale behind the new securebits and how they facilitate a smooth migration, especially for generic Linux distributions.
Speakers
avatar for Mickaël Salaün

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the... Read More →
Friday August 29, 2025 09:55 - 10:25 CEST
G102-103

10:25 CEST

Morning Break
Friday August 29, 2025 10:25 - 10:55 CEST
Friday August 29, 2025 10:25 - 10:55 CEST
G102-103

10:55 CEST

Landlock Config - Mickaël Salaün, Microsoft
Friday August 29, 2025 10:55 - 11:40 CEST
One of Landlock's main goals is to empower Linux users to sandbox their programs. We've focused on building the foundation of a new unprivileged access control system, including an interface for developers to sandbox programs. While sandboxing tools already leverage Landlock, a well-defined way to describe security policies is still needed.

To address this, we're designing a user-friendly configuration format, marking a significant step toward making Landlock more accessible. This format enables users to describe a set of restrictions enforced on their programs and helps democratize Linux sandboxing. The new configuration format and related library simplify sandbox creation by allowing users to compose modular security policies. Linux distributions can also provide predefined policies that users can customize, reducing the maintenance burden.

In this talk, we’ll explain the design of this new configuration format, available to end users via TOML and to developers via JSON. We'll also demonstrate a new tool that makes Landlock sandboxing straightforward and accessible.
Speakers
avatar for Mickaël Salaün

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the... Read More →
Friday August 29, 2025 10:55 - 11:40 CEST
G102-103

11:45 CEST

Securing CI/CD Runners Through eBPF - Mert Coskuner, Yahoo & Cenk Kalpakoglu, Kondukto
Friday August 29, 2025 11:45 - 12:15 CEST
CI/CD pipelines are complex environments. This complexity requires methodical comprehensive reviews to secure the entire stack. Often a company may lack the time, specialist security knowledge, and people needed to secure their CI/CD pipelines. Realising these facts; cyberattacks targeting CI/CD pipelines has been gaining momentum, and attackers increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. In this presentation, we will share some of our observation through showing different flavours of attack on possible development pipelines, and introduce a tool to detect them.
Speakers
avatar for Cenk Kalpakoglu

Cenk Kalpakoglu

Co-Founder & CEO, Kondukto
Cenk is the Co-founder & CEO of Kondukto Inc. He is an experienced system developer and application security professional with over 15 years of experience. Cenk is a longtime Linux aficionado. He is active speaker in events and enjoys speaking about appsec automation, fuzzing, the... Read More →
avatar for Mert Coskuner

Mert Coskuner

Principal Product Security Engineer, Yahoo
Mert Coskuner is a Principal Product Security Engineer and maintains a blog at https://mcoskuner.medium.com as well as speaks about product security, and offensive security.
Friday August 29, 2025 11:45 - 12:15 CEST
G102-103

12:15 CEST

Lunch
Friday August 29, 2025 12:15 - 13:45 CEST
Friday August 29, 2025 12:15 - 13:45 CEST
G102-103

13:45 CEST

Recoverable, Tamper-resistant Full-disk Encryption at the Distributed Edge - Kobus van Schoor, DataProphet
Friday August 29, 2025 13:45 - 14:30 CEST
This talk presents a fully open-source framework to achieve secure full disk encryption (FDE) for TPM-equipped Edge devices (IoT), balancing strong security guarantees with practical maintainability at scale. We address key features including automated disk unlocking and recovery, monitoring and remote access. The talk will cover the following:

* A fully verified boot chain, from EFI firmware through the initramfs. We'll cover which system components to verify and common pitfalls to avoid when setting up a secure boot chain.
* A newly-developed, open-source TPM PCR prediction mechanism enabling seamless reboots after kernel or initramfs updates.
* Automated disk encryption key onboarding and recovery using Tang and Clevis.
* Secure remote access and fleet observability while disks remain locked - using WireGuard, SSH, and Prometheus.
* Guidance on how to extend the initramfs (dracut) with your own tooling.
* Discussion of shortfalls and potential security risks

Our aim with this talk is to help you make FDE convenient, recoverable and monitored to make large-scale rollouts possible.
Speakers
avatar for Kobus van Schoor

Kobus van Schoor

Tech Lead, DataProphet
I’m a senior software engineer in the Edge team at DataProphet, a South-African company building a real-time data collection and analytics platform for manufacturers. Edge devices are fully remotely managed Linux-based factory appliances that collect data from a variety of datasources.I’m... Read More →
Friday August 29, 2025 13:45 - 14:30 CEST
G102-103

14:35 CEST

Hardening the Barebox Bootloader - Ahmad Fatoum, Pengutronix
Friday August 29, 2025 14:35 - 15:05 CEST
Bootloaders are foundational to system security, yet their attack surface often remains under-scrutinized.
This talk presents ongoing efforts to harden the security posture of the barebox bootloader when used in verified boot chains.

Topics include defining the security-critical subset of the verified boot path, applying fuzzing to core logic, and highlighting the security implications of user configurations.
The session will also cover software hardening measures, mechanisms for secure runtime unlocking and the formalization of security issue handling.

Attendees will gain insight into both the technical challenges and the roadmap to help users deploy a verified boot chain into embedded products while minimizing potential risks.
Speakers
avatar for Ahmad Fatoum

Ahmad Fatoum

Embedded Linux Developer, Pengutronix
Ahmad joined the kernel team at Pengutronix in 2018 to work full-time on furthering Linux world domination. He does so by helping automotive and industrial customers build embedded Linux systems based on the mainline Linux kernel. Having a knack for digging in low-level guts, his... Read More →
Friday August 29, 2025 14:35 - 15:05 CEST
G102-103

15:10 CEST

Prioritizing the Linux OS Hardening and CVE Mitigation - Baoli Zhang, Intel
Friday August 29, 2025 15:10 - 15:40 CEST
There have been thousands security vulnerabilities in Linux OS community and also has new detected ones every day. The operating system vendors (OSVs) have to take big effort to mitigate CVEs and hardening the OS. To save the effort, we analyzed most of the history CVEs in Linux kernel, and understand the CVE distribution by CWE, kernel config, sysctl parameters and others key attribution. In this way, we expect to understand which OS hardening method is most useful and which is not so important. Furthermore, we also expect it can help us prioritize the CVEs, then we only need focus on the most critical one. Last, we also prefer to share how we handle the CVEs in the production Linux kernel and expect it can benefit more talent in Linux community.
Speakers
avatar for Baoli Zhang

Baoli Zhang

Linux OS Software Engineer, Security Technical Lead, Intel
• More than 10 years of product development and deployment experience including roles in full software development life cycle, international software liaison and project management. • About 10 years expertise in the Linux kernel domain as the OS kernel engineer in Intel, and... Read More →
Friday August 29, 2025 15:10 - 15:40 CEST
G102-103

15:40 CEST

Afternoon Break
Friday August 29, 2025 15:40 - 15:55 CEST
Friday August 29, 2025 15:40 - 15:55 CEST
G102-103

15:55 CEST

BoF Session - Topic TBD
Friday August 29, 2025 15:55 - 16:55 CEST
Friday August 29, 2025 15:55 - 16:55 CEST
G102-103
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date -