
Linux Foundation

Binary Policy with IMA and AppArmor for Linux Workstations

Linux Foundation via YouTube

Overview

Explore a comprehensive conference talk on binary policy implementation using IMA and AppArmor at Google. Dive into the technical aspects of Google's approach to platform security for their vast fleet of developer machines. Learn about novel techniques for provenance-based policy on Linux workstations, including targeting IMA signatures and restricting executables from non-Google repositories. Discover the operational challenges of rolling out restrictive policies at scale, and gain insights into binary signing, execution control, and security domain transitions. Examine topics such as Santa, auditing, IMA EVM, extended attributes, keyring restrictions, and process tree complexities. Understand how Google addresses various security concerns, including untrusted vs. trusted executions, script handling, and log event management.

Syllabus

Introduction
Platform Security
Devices at Google
Execution Control
Santa
Upload
Linux
Experiment
Auditing
Protecting
Appraisal
IMA EVM
Extended Attributes
Signatures
Derivation
Demo
Keyring Restrictions
TLDR
Reboots
Keybinding Restrictions
Using Information
Triggering Appraisal
Untrusted vs Trusted
Trust Chapters
Scripts
Shebangs
NoNewPrince
SECMark
IP Table
Roulette
Log Event
Log Pipeline
Process Trees are Messy
What's Next
Security Domain Transition
Binary Signing
Swift Signatures
Working with David Sanford
D Package

Taught by

Linux Foundation
