Application Whitelisting: Preventing Unknown Software Execution

Explore application whitelisting as an effective method for preventing unknown software execution in this 47-minute Linux Foundation conference talk by Steven Grubb from Red Hat. Delve into an open-source implementation, examining various application execution methods and policy design. Learn how to leverage application whitelisting daemon information in real-time to maintain system integrity. Discover the broader security context and strategy, including Common Criteria Requirements, ATTACK to Kill Chain Mapping, and mobile code examples. Examine attack points, file access monitoring techniques, and access control policies. Gain insights into fapolicyd design, safety measures, and sources of trust. Watch a demo, analyze statistics reports, and understand fapolicyd coverage. Explore short-term improvements and the IDS Ensemble Model for a comprehensive understanding of application whitelisting in system security.

SECURITY
Whitelisting Basics
Common Criteria Requirements
Brief Comparison
ATTACK to Kill Chain Mapping
How programs execute
Mobile Code example
Attack points
How to monitor file access?
Fanotify Event
Access Control Policy
Subject statements
Sample Policy
Shipped policy design goals
Fapolicyd Design
Safety Measures
Sources of Trust
Top level SWID tag example
Demo
Statistics report
Fapolicyd coverage
Refinements
Short term improvements
Unifying the pieces
IDS Ensemble Model