Loading…
28 - 29 August | Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (CEST | UTC+2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."
Type: Short Topics clear filter
Thursday, August 28
 

09:55 CEST

Protecting the Protector : How LSMs Can Benefit From Linux Virtualization Based Security - Thara Gopinath & James Morris, Microsoft
Thursday August 28, 2025 09:55 - 10:25 CEST
Linux Security Module Framework provides a mechanism to extend kernel's security promises and enforce access control policies. In this talk we aim to examine how various pieces of LSM framework can benefit from an extra layer of protection through Linux Virtualization Based Security (LVBS) which is a security feature that implements kernel integrity via hardware virtualization features and hypervisors.
Speakers
avatar for Thara Gopinath

Thara Gopinath

Principal Software Eng Lead, Microsoft
Thara Gopinath is a Principal Software Engineering Lead at Microsoft. She has been working on various Linux kernel subsystems since 2009 and currently leads the team implementing Linux Virtualization Based Security (LVBS) at Microsoft.
avatar for James Morris

James Morris

Principal Software Engineering Manager, Microsoft
Software Engineering Manager
Thursday August 28, 2025 09:55 - 10:25 CEST
G102-103

11:45 CEST

Kernel Hardening With Protection Keys - Kevin Brodsky, Arm
Thursday August 28, 2025 11:45 - 12:15 CEST
Protecting the kernel from data-only attacks is a growing concern that is increasingly addressed through hypervisor-based solutions. A lightweight alternative may be found in protection keys (pkeys), a hardware mechanism that provides a per-thread and easily switchable view of memory. While pkeys are currently available to userspace on supported architectures, their potential for enhancing kernel security remains unused.

This talk demonstrates how pkeys can be leveraged within the kernel to protect critical data structures, such as page tables and credentials. We will show how this approach can be implemented and present an evaluation of its performance impact on arm64, illustrating its feasibility for real-world deployment.

Attendees will leave with a deeper understanding of how pkeys can enhance kernel security, the trade-offs involved, and the potential for adoption in future Linux hardening efforts.
Speakers
avatar for Kevin Brodsky

Kevin Brodsky

Staff Software Engineer, Arm
Kevin is a software engineer at Arm. He specialises in the deployment of hardware security features, currently in the Linux kernel and previously on the Android platform. Having spent many years working on tag-based technologies (CHERI/Morello and memory tagging - MTE), he now focuses... Read More →
Thursday August 28, 2025 11:45 - 12:15 CEST
G102-103

13:45 CEST

IMA Update: Lessons Learned from Re-implementing IMA-measurement in User Space - Roberto Sassu, Huawei Technologies Duesseldorf GmbH
Thursday August 28, 2025 13:45 - 14:15 CEST
Integrity Measurement Architecture (IMA) was originally designed and developed by IBM Research to extend the trusted
boot chain of measurements to the running system. Subsequently, support for extending secure boot up to the running system (IMA-appraisal) was added and, with it, support for writing audit messages in the system logs.

For good and for bad, IMA-measurement and IMA-appraisal needed to be flexible to work in different environments from embedded/IoT to large systems. The original concepts of extending both trusted and secure boot have not changed, but some of the methods/designs could be improved.

This talk proposes a few kernel improvements based on our work in user space. First, it proposes a new design change to serialize and store the measurement list in a memory area shared between primary and secondary kernel, so that nothing needs to be done on kexec, as opposed to carrying out measurements from one kernel to another.

Second, it proposes a new testing tool for verifying that IMA reported a violation when a file is opened for read and
subsequently opened as write or vice-versa. Building on that, the talk also discusses a few alternatives on how to detect
such violations.

Finally, it proposes a new debugging technique, allowing to run a large number of integration tests without rebooting the
kernel.

Speakers
avatar for Roberto Sassu

Roberto Sassu

Principal Engineer, Huawei Technologies Duesseldorf GmbH
Roberto Sassu received a MsC in Information Security in 2008 and worked as a research assistant until 2014. He published and presented papers on Trusted Computing at STC'11 and TrustCom 2014. He also participated to several European projects (OpenTC, TClouds, SECURED and FutureTPM... Read More →
Thursday August 28, 2025 13:45 - 14:15 CEST
G102-103

14:20 CEST

AppArmor Update - John Johansen, Canonical
Thursday August 28, 2025 14:20 - 14:40 CEST
Speakers
avatar for John Johansen

John Johansen

Security Engineer, Canonical
John Johansen began working with open source software in the late 80s and began playing with Linux in 93. He completed a masters in mathematics at the University of Waterloo and the began working for Immunix doing compiler hardening, and then AppArmor. After Immunix was acquired by... Read More →
Thursday August 28, 2025 14:20 - 14:40 CEST
G102-103

14:45 CEST

SELinux Update - Paul Moore, Microsoft
Thursday August 28, 2025 14:45 - 15:05 CEST
Speakers
avatar for Paul Moore

Paul Moore

Principal Software Engineer, Microsoft
Paul Moore has been involved in various Linux platform security efforts since 2004 at Hewlett-Packard, Red Hat, Cisco, and Microsoft. He currently maintains the Linux Security Module (LSM) layer as well as the SELinux, audit, and labeled networking subsystems in the Linux Kernel... Read More →
Thursday August 28, 2025 14:45 - 15:05 CEST
G102-103
 
Friday, August 29
 

09:55 CEST

Script Integrity - Mickaël Salaün, Microsoft
Friday August 29, 2025 09:55 - 10:25 CEST
Starting with Linux 6.14, we will be able to securely control script execution using new execveat(2) and prctl(2) flags, successors to O_MAYEXEC. This marks a crucial step toward fully supporting code integrity on Linux.

The next steps involve enlighting script interpreters and providing users with straightforward ways to incrementally enforce such restrictions. Options include leveraging existing LSM policies and configuring user-space process management services (e.g., systemd).

In this talk, we will explore the kernel changes that were required (e.g., uAPI, IMA, IPE) and the ongoing complementary user-space updates, including script enlightenment. We will also explain the rationale behind the new securebits and how they facilitate a smooth migration, especially for generic Linux distributions.
Speakers
avatar for Mickaël Salaün

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the... Read More →
Friday August 29, 2025 09:55 - 10:25 CEST
G102-103

11:45 CEST

Securing CI/CD Runners Through eBPF - Mert Coskuner, Yahoo & Cenk Kalpakoglu, Kondukto
Friday August 29, 2025 11:45 - 12:15 CEST
CI/CD pipelines are complex environments. This complexity requires methodical comprehensive reviews to secure the entire stack. Often a company may lack the time, specialist security knowledge, and people needed to secure their CI/CD pipelines. Realising these facts; cyberattacks targeting CI/CD pipelines has been gaining momentum, and attackers increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. In this presentation, we will share some of our observation through showing different flavours of attack on possible development pipelines, and introduce a tool to detect them.
Speakers
avatar for Cenk Kalpakoglu

Cenk Kalpakoglu

Co-Founder & CEO, Kondukto
Cenk is the Co-founder & CEO of Kondukto Inc. He is an experienced system developer and application security professional with over 15 years of experience. Cenk is a longtime Linux aficionado. He is active speaker in events and enjoys speaking about appsec automation, fuzzing, the... Read More →
avatar for Mert Coskuner

Mert Coskuner

Principal Product Security Engineer, Yahoo
Mert Coskuner is a Principal Product Security Engineer and maintains a blog at https://mcoskuner.medium.com as well as speaks about product security, and offensive security.
Friday August 29, 2025 11:45 - 12:15 CEST
G102-103

14:35 CEST

Hardening the Barebox Bootloader - Ahmad Fatoum, Pengutronix
Friday August 29, 2025 14:35 - 15:05 CEST
Bootloaders are foundational to system security, yet their attack surface often remains under-scrutinized.
This talk presents ongoing efforts to harden the security posture of the barebox bootloader when used in verified boot chains.

Topics include defining the security-critical subset of the verified boot path, applying fuzzing to core logic, and highlighting the security implications of user configurations.
The session will also cover software hardening measures, mechanisms for secure runtime unlocking and the formalization of security issue handling.

Attendees will gain insight into both the technical challenges and the roadmap to help users deploy a verified boot chain into embedded products while minimizing potential risks.
Speakers
avatar for Ahmad Fatoum

Ahmad Fatoum

Embedded Linux Developer, Pengutronix
Ahmad joined the kernel team at Pengutronix in 2018 to work full-time on furthering Linux world domination. He does so by helping automotive and industrial customers build embedded Linux systems based on the mainline Linux kernel. Having a knack for digging in low-level guts, his... Read More →
Friday August 29, 2025 14:35 - 15:05 CEST
G102-103

15:10 CEST

Prioritizing the Linux OS Hardening and CVE Mitigation - Baoli Zhang, Intel
Friday August 29, 2025 15:10 - 15:40 CEST
There have been thousands security vulnerabilities in Linux OS community and also has new detected ones every day. The operating system vendors (OSVs) have to take big effort to mitigate CVEs and hardening the OS. To save the effort, we analyzed most of the history CVEs in Linux kernel, and understand the CVE distribution by CWE, kernel config, sysctl parameters and others key attribution. In this way, we expect to understand which OS hardening method is most useful and which is not so important. Furthermore, we also expect it can help us prioritize the CVEs, then we only need focus on the most critical one. Last, we also prefer to share how we handle the CVEs in the production Linux kernel and expect it can benefit more talent in Linux community.
Speakers
avatar for Baoli Zhang

Baoli Zhang

Linux OS Software Engineer, Security Technical Lead, Intel
• More than 10 years of product development and deployment experience including roles in full software development life cycle, international software liaison and project management. • About 10 years expertise in the Linux kernel domain as the OS kernel engineer in Intel, and... Read More →
Friday August 29, 2025 15:10 - 15:40 CEST
G102-103
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.