28 - 29 August | Amsterdam, Netherlands
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (CEST | UTC+2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."
Thursday, August 28
 

09:00 CEST

Welcome + Opening Remarks - Elena Reshetova, Security Architect, Intel
Thursday August 28, 2025 09:00 - 09:05 CEST
Speakers
Elena Reshetova, Security Architect, Intel
Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests revolve around Linux kernel hardening for confidential cloud computing.
G102-103

09:05 CEST

Linux and CHERI: Back to the Future - Carl Shaw, Codasip
Thursday August 28, 2025 09:05 - 09:50 CEST
Speakers
Carl Shaw, Safety and Security Manager, Codasip
Prior to joining Codasip, Carl provided security engineering and architecture consultancy to leading global electronics and semiconductor companies for more than 15 years. With a Physics Ph.D., and a career mixing electronics design in government defense, and OS and firmware development...
G102-103

09:55 CEST

Protecting the Protector : How LSMs Can Benefit From Linux Virtualization Based Security - Thara Gopinath & James Morris, Microsoft
Thursday August 28, 2025 09:55 - 10:25 CEST
The Linux Security Module (LSM) framework provides a mechanism to extend the kernel's security promises and enforce access control policies. In this talk we examine how various pieces of the LSM framework can benefit from an extra layer of protection through Linux Virtualization Based Security (LVBS), a security feature that implements kernel integrity via hardware virtualization features and hypervisors.
Speakers
Thara Gopinath, Principal Software Eng Lead, Microsoft
Thara Gopinath is a Principal Software Engineering Lead at Microsoft. She has been working on various Linux kernel subsystems since 2009 and currently leads the team implementing Linux Virtualization Based Security (LVBS) at Microsoft.
James Morris, Principal Software Engineering Manager, Microsoft
Software Engineering Manager
G102-103

10:25 CEST

Morning Break
Thursday August 28, 2025 10:25 - 10:55 CEST
G102-103

10:55 CEST

Supporting Kernel Memory Integrity Through LVBS - Thara Gopinath & Femi Adeyemi, Microsoft
Thursday August 28, 2025 10:55 - 11:40 CEST
Linux Virtualization Based Security (LVBS) is a security feature that leverages hypervisors to a) harden the kernel and b) ensure that critical kernel resources remain untampered, even if the guest kernel gets compromised, by creating an isolated environment that runs at a higher trust level than the normal operating environment. A key kernel integrity feature of LVBS is to ensure that kernel memory protections (read-only, W^X) are backed by this trusted environment using Second Level Page Tables, so that even if the guest kernel is compromised, the kernel memory cannot be tampered with.
One of the challenges in enabling hypervisor-enforced kernel memory protection is that the Linux kernel inherently supports features that either modify existing kernel code or inject code into the kernel memory space. In this talk, we examine a comprehensive list of such kernel features (which are inherently easier exploit surfaces) and then discuss how these features can be hardened via LVBS to ensure the integrity and authenticity of patched code, even if the kernel is compromised. Finally, we present the status of our work in implementing these hardenings.
Speakers
Thara Gopinath, Principal Software Eng Lead, Microsoft
Thara Gopinath is a Principal Software Engineering Lead at Microsoft. She has been working on various Linux kernel subsystems since 2009 and currently leads the team implementing Linux Virtualization Based Security (LVBS) at Microsoft.
Femi Adeyemi, Senior Software Engineer working on Virtualization Based Security, Microsoft
Femi Adeyemi is a Senior Software Engineer at Microsoft, enhancing Linux kernel security using virtualization technologies.
G102-103

11:45 CEST

Kernel Hardening With Protection Keys - Kevin Brodsky, Arm
Thursday August 28, 2025 11:45 - 12:15 CEST
Protecting the kernel from data-only attacks is a growing concern that is increasingly addressed through hypervisor-based solutions. A lightweight alternative may be found in protection keys (pkeys), a hardware mechanism that provides a per-thread and easily switchable view of memory. While pkeys are currently available to userspace on supported architectures, their potential for enhancing kernel security remains unused.

This talk demonstrates how pkeys can be leveraged within the kernel to protect critical data structures, such as page tables and credentials. We will show how this approach can be implemented and present an evaluation of its performance impact on arm64, illustrating its feasibility for real-world deployment.

Attendees will leave with a deeper understanding of how pkeys can enhance kernel security, the trade-offs involved, and the potential for adoption in future Linux hardening efforts.
Speakers
Kevin Brodsky, Staff Software Engineer, Arm
Kevin is a software engineer at Arm. He specialises in the deployment of hardware security features, currently in the Linux kernel and previously on the Android platform. Having spent many years working on tag-based technologies (CHERI/Morello and memory tagging - MTE), he now focuses...
G102-103

12:15 CEST

Lunch
Thursday August 28, 2025 12:15 - 13:45 CEST
G102-103

13:45 CEST

IMA Update: Lessons Learned from Re-implementing IMA-measurement in User Space - Roberto Sassu, Huawei Technologies Duesseldorf GmbH
Thursday August 28, 2025 13:45 - 14:15 CEST
Integrity Measurement Architecture (IMA) was originally designed and developed by IBM Research to extend the trusted boot chain of measurements to the running system. Subsequently, support for extending secure boot up to the running system (IMA-appraisal) was added and, with it, support for writing audit messages to the system logs.

For good and for bad, IMA-measurement and IMA-appraisal needed to be flexible to work in different environments from embedded/IoT to large systems. The original concepts of extending both trusted and secure boot have not changed, but some of the methods/designs could be improved.

This talk proposes a few kernel improvements based on our work in user space. First, it proposes a design change to serialize and store the measurement list in a memory area shared between the primary and secondary kernel, so that nothing needs to be done on kexec, as opposed to carrying measurements over from one kernel to another.

Second, it proposes a new testing tool for verifying that IMA reported a violation when a file is opened for read and subsequently opened for write, or vice versa. Building on that, the talk also discusses a few alternatives for detecting such violations.

Finally, it proposes a new debugging technique that allows a large number of integration tests to be run without rebooting the kernel.

Speakers
Roberto Sassu, Principal Engineer, Huawei Technologies Duesseldorf GmbH
Roberto Sassu received an MSc in Information Security in 2008 and worked as a research assistant until 2014. He published and presented papers on Trusted Computing at STC'11 and TrustCom 2014. He also participated in several European projects (OpenTC, TClouds, SECURED and FutureTPM...
G102-103

14:20 CEST

AppArmor Update - John Johansen, Canonical
Thursday August 28, 2025 14:20 - 14:40 CEST
Speakers
John Johansen, Security Engineer, Canonical
John Johansen began working with open source software in the late 80s and began playing with Linux in '93. He completed a master's in mathematics at the University of Waterloo and then began working for Immunix doing compiler hardening, and then AppArmor. After Immunix was acquired by...
G102-103

14:45 CEST

SELinux Update - Paul Moore, Microsoft
Thursday August 28, 2025 14:45 - 15:05 CEST
Speakers
Paul Moore, Principal Software Engineer, Microsoft
Paul Moore has been involved in various Linux platform security efforts since 2004 at Hewlett-Packard, Red Hat, Cisco, and Microsoft. He currently maintains the Linux Security Module (LSM) layer as well as the SELinux, audit, and labeled networking subsystems in the Linux Kernel...
G102-103

15:05 CEST

Afternoon Break
Thursday August 28, 2025 15:05 - 15:20 CEST
G102-103

15:20 CEST

BoF Session - Topic TBD
Thursday August 28, 2025 15:20 - 16:20 CEST
G102-103
 
Friday, August 29
 

09:00 CEST

Welcome Back + Remarks - Elena Reshetova, Security Architect, Intel
Friday August 29, 2025 09:00 - 09:05 CEST
Speakers
Elena Reshetova, Security Architect, Intel
Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests revolve around Linux kernel hardening for confidential cloud computing.
G102-103

09:05 CEST

FineIBT Enhanced: Hardening Linux’s Microarchitectural Security on X86 - Scott Constable, Intel Labs & Sebastian Österlund, Intel
Friday August 29, 2025 09:05 - 09:50 CEST
Microarchitectural attacks such as Branch History Injection (BHI) can expose kernel data when instructions at a mispredicted indirect call target are executed speculatively with malicious data crafted by the attacker.

FineIBT (Fine-grain Control-flow Enforcement with Indirect Branch Tracking) is a hardening technique adopted by the Linux kernel (first merged in 6.2) that performs a check at each indirect call target to ensure that the target’s type (e.g., void (*)(int)) matches the type of the function pointer that was used to make the call. Although FineIBT can provide substantial defense-in-depth against architectural attacks such as Call-Oriented Programming (COP), its current implementation does not address microarchitectural attacks.

This talk introduces a new enhancement to FineIBT that hardens the Linux kernel against a plethora of microarchitectural attacks—including BHI—by poisoning the contents of live registers whenever the FineIBT check fails, thus preventing an attacker from using those registers to pass malicious data to a mis-predicted call target. This enhancement has been merged into Linux 6.15.
Speakers
Scott Constable, Defensive Security Researcher, Intel Labs
Scott Constable is a security researcher at Intel Labs. He received his PhD in computer science from Syracuse University in 2018. Scott has contributed: Load Value Injection mitigations to LLVM/clang (2021); malicious single-step mitigations to the Intel SGX SDK (2023); a transient...
Sebastian Österlund, Offensive Security Researcher, Intel
Sebastian is an Offensive Security Researcher at Intel IPAS STORM, working on Operating Systems security mitigations, microcode static analysis, confidential computing, fuzzing, and more. In the past Sebastian has worked extensively on speculative execution attacks, being one of the...
G102-103

09:55 CEST

Script Integrity - Mickaël Salaün, Microsoft
Friday August 29, 2025 09:55 - 10:25 CEST
Starting with Linux 6.14, we will be able to securely control script execution using new execveat(2) and prctl(2) flags, successors to O_MAYEXEC. This marks a crucial step toward fully supporting code integrity on Linux.

The next steps involve enlightening script interpreters and providing users with straightforward ways to incrementally enforce such restrictions. Options include leveraging existing LSM policies and configuring user-space process management services (e.g., systemd).

In this talk, we will explore the kernel changes that were required (e.g., uAPI, IMA, IPE) and the ongoing complementary user-space updates, including script enlightenment. We will also explain the rationale behind the new securebits and how they facilitate a smooth migration, especially for generic Linux distributions.
Speakers
Mickaël Salaün, Senior Software Engineer, Microsoft
Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the...
G102-103

10:25 CEST

Morning Break
Friday August 29, 2025 10:25 - 10:55 CEST
G102-103

10:55 CEST

Landlock Config - Mickaël Salaün, Microsoft
Friday August 29, 2025 10:55 - 11:40 CEST
One of Landlock's main goals is to empower Linux users to sandbox their programs. We've focused on building the foundation of a new unprivileged access control system, including an interface for developers to sandbox programs. While sandboxing tools already leverage Landlock, a well-defined way to describe security policies is still needed.

To address this, we're designing a user-friendly configuration format, marking a significant step toward making Landlock more accessible. This format enables users to describe a set of restrictions enforced on their programs and helps democratize Linux sandboxing. The new configuration format and related library simplify sandbox creation by allowing users to compose modular security policies. Linux distributions can also provide predefined policies that users can customize, reducing the maintenance burden.

In this talk, we’ll explain the design of this new configuration format, available to end users via TOML and to developers via JSON. We'll also demonstrate a new tool that makes Landlock sandboxing straightforward and accessible.
Speakers
Mickaël Salaün, Senior Software Engineer, Microsoft
Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the...
G102-103

11:45 CEST

Securing CI/CD Runners Through eBPF - Mert Coskuner, Yahoo & Cenk Kalpakoglu, Kondukto
Friday August 29, 2025 11:45 - 12:15 CEST
CI/CD pipelines are complex environments. This complexity requires methodical, comprehensive reviews to secure the entire stack. Often a company lacks the time, specialist security knowledge, and people needed to secure its CI/CD pipelines. Aware of this, attackers have been targeting CI/CD pipelines with growing momentum, and increasingly understand that build pipelines are highly privileged targets with a substantial attack surface. In this presentation, we will share some of our observations by showing different flavours of attack on possible development pipelines, and introduce a tool to detect them.
Speakers
Cenk Kalpakoglu, Co-Founder & CEO, Kondukto
Cenk is the Co-founder & CEO of Kondukto Inc. He is an experienced system developer and application security professional with over 15 years of experience. Cenk is a longtime Linux aficionado. He is an active speaker at events and enjoys speaking about appsec automation, fuzzing, the...
Mert Coskuner, Principal Product Security Engineer, Yahoo
Mert Coskuner is a Principal Product Security Engineer. He maintains a blog at https://mcoskuner.medium.com and speaks about product security and offensive security.
G102-103

12:15 CEST

Lunch
Friday August 29, 2025 12:15 - 13:45 CEST
G102-103

13:45 CEST

Recoverable, Tamper-resistant Full-disk Encryption at the Distributed Edge - Kobus van Schoor, DataProphet
Friday August 29, 2025 13:45 - 14:30 CEST
This talk presents a fully open-source framework to achieve secure full disk encryption (FDE) for TPM-equipped Edge devices (IoT), balancing strong security guarantees with practical maintainability at scale. We address key features including automated disk unlocking and recovery, monitoring and remote access. The talk will cover the following:

* A fully verified boot chain, from EFI firmware through the initramfs. We'll cover which system components to verify and common pitfalls to avoid when setting up a secure boot chain.
* A newly-developed, open-source TPM PCR prediction mechanism enabling seamless reboots after kernel or initramfs updates.
* Automated disk encryption key onboarding and recovery using Tang and Clevis.
* Secure remote access and fleet observability while disks remain locked - using WireGuard, SSH, and Prometheus.
* Guidance on how to extend the initramfs (dracut) with your own tooling.
* Discussion of shortfalls and potential security risks.

Our aim with this talk is to help you make FDE convenient, recoverable and monitored to make large-scale rollouts possible.
Speakers
Kobus van Schoor, Tech Lead, DataProphet
I’m a senior software engineer in the Edge team at DataProphet, a South African company building a real-time data collection and analytics platform for manufacturers. Edge devices are fully remotely managed Linux-based factory appliances that collect data from a variety of data sources. I’m...
G102-103

14:35 CEST

Hardening the Barebox Bootloader - Ahmad Fatoum, Pengutronix
Friday August 29, 2025 14:35 - 15:05 CEST
Bootloaders are foundational to system security, yet their attack surface often remains under-scrutinized. This talk presents ongoing efforts to harden the security posture of the barebox bootloader when used in verified boot chains.

Topics include defining the security-critical subset of the verified boot path, applying fuzzing to core logic, and highlighting the security implications of user configurations. The session will also cover software hardening measures, mechanisms for secure runtime unlocking and the formalization of security issue handling.

Attendees will gain insight into both the technical challenges and the roadmap to help users deploy a verified boot chain into embedded products while minimizing potential risks.
Speakers
Ahmad Fatoum, Embedded Linux Developer, Pengutronix
Ahmad joined the kernel team at Pengutronix in 2018 to work full-time on furthering Linux world domination. He does so by helping automotive and industrial customers build embedded Linux systems based on the mainline Linux kernel. Having a knack for digging in low-level guts, his...
G102-103

15:10 CEST

Prioritizing the Linux OS Hardening and CVE Mitigation - Baoli Zhang, Intel
Friday August 29, 2025 15:10 - 15:40 CEST
There have been thousands of security vulnerabilities in the Linux OS community, with new ones detected every day. Operating system vendors (OSVs) have to spend considerable effort mitigating CVEs and hardening the OS. To save that effort, we analyzed most of the historical CVEs in the Linux kernel to understand the CVE distribution by CWE, kernel config, sysctl parameters and other key attributes. In this way, we expect to understand which OS hardening methods are most useful and which are less important. Furthermore, we expect this to help us prioritize the CVEs, so that we only need to focus on the most critical ones. Last, we would also like to share how we handle CVEs in the production Linux kernel, and hope it can benefit more people in the Linux community.
Speakers
Baoli Zhang, Linux OS Software Engineer, Security Technical Lead, Intel
• More than 10 years of product development and deployment experience including roles in full software development life cycle, international software liaison and project management. • About 10 years expertise in the Linux kernel domain as the OS kernel engineer in Intel, and...
G102-103

15:40 CEST

Afternoon Break
Friday August 29, 2025 15:40 - 15:55 CEST
G102-103

15:55 CEST

BoF Session - Topic TBD
Friday August 29, 2025 15:55 - 16:55 CEST
G102-103
 