Overview
Join a LinuxKit Security SIG meeting featuring an introduction to Memorizer, an automatic privilege separation and policy derivation tool. Learn about Nathan Dautenhahn's efforts to integrate Memorizer into LinuxKit as a new project. Explore topics such as operating on an untrustworthy base, strategies for replacing or hardening and separating systems, limitations of existing approaches, and challenges in complexity, transformation, and protection. Discover the concept of opportunistic privilege separation and how information and interactions can be represented in a unified low-level form. Examine the Slice Separation Model through ambient authority and understand Memorizer Linux's role in kernel object lifetime access pattern maps. Analyze the SSH Debian cumulative number of external reads and writes, and gain practical insights into enhancing system security.
Syllabus
Introduction
But Security... Operating on an Untrustworthy Base
Some Strategies: Replace or Harden and Separate
Limitations of Existing Approaches
Challenges: Complexity, Transformation, and Protection
Opportunistic Privilege Separation
Information and Interactions as a Unified Low Level Representation
Slice Separation Model through Ambient Authority
Memorizer Linux: for kernel object lifetime access pattern maps
SSH Debian Cumulative Number of External Reads and Writes
Practical Help
Taught by
Docker