YoVDO

Deep Dive into Landlock Internals

Offered By: Linux Foundation via YouTube

Tags

Linux Security Courses Access Control Courses Security Policies Courses Sandboxing Courses Landlock Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of Landlock, a security sandboxing mechanism, in this 29-minute conference talk by Mickaël Salaün from Microsoft. Delve into the fundamentals of security sandboxing, understand Landlock's purpose and functionality, and learn how to implement it effectively. Discover current access-control features for filesystems, the process of creating rulesets, adding rules, and enforcing them. Gain insights into Landlock's development history, design priorities, and guiding principles, including unprivileged access control and composed security policies. Examine the concept of LSM stacking, sandbox policy composition, and the importance of user space testing and kernel fuzzing. Understand the Minimum Viable Product approach, design limitations, and get a glimpse of the kernel-side roadmap for Landlock's future development.

Syllabus

SECURITY SUMMIT
User data
What is (security) sandboxing?
What is Landlock?
How to use Landlock?
Current access-control features: filesystem
Create a ruleset
Add rules
Enforce the ruleset
Landlock, a bit of history
Why no more eBPF?
Priorities and guiding principles
Unprivileged access control
Composed security policies
LSM stacking
Sandbox policies composition
User space testing
Kernel fuzzing with syzkaller
Minimum Viable Product
Design limitations
Kernel-side roadmap


Taught by

Linux Foundation

Tags

Related Courses

Secure Networked System with Firewall and IDS
University of Colorado System via Coursera
Introduction to Cyber Security
Uttarakhand Open University, Haldwani via Swayam
Preparing for the Google Cloud Professional Data Engineer Exam 日本語版
Google Cloud via Coursera
Jump Start: Maestro Hyperscale Network Security
Checkpoint via edX
Information Security - Introduction to Information Security
New York University (NYU) via edX