Namespace support has been growing in the Linux kernel, so there are
now a number of ways that namespaces can be used to help protect
Linux systems (embedded or otherwise) from exploits. Using namespaces (in
particular, the mount, network, and user namespaces) can isolate processes
in ways that will prevent some types of vulnerabilities from
compromising more of the system. Namespaces can be used as part of a
"defense in depth" strategy to avoid the harm (or most of the harm) from
exploits of vulnerable user-space applications.

This talk will be for developers of embedded systems, particularly "system
level" developers. It will assume some knowledge of C and Linux, but not
require in-depth knowledge of either. Participants can expect to come away
with a good foundation on what namespaces are and can do, along with concrete
ideas of how to use namespaces in their projects.

After 20 years as a software engineer, Jake Edge joined LWN.net as a full-time editor in 2007. Prior to LWN, he developed system-level software, mostly on Linux after 1994 or so. Jake puts together the weekly LWN Security page and writes on other topics of interest to the Linux and free software development communities. Jake has spoken at multiple conferences including LinuxCon, Embedded Linux Conference, GUADEC, Akademy, and...