Loading…
July 17-19 | Tokyo, Japan
View More Details  & Register Here

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Safety & Security [clear filter]
Wednesday, July 17
 

13:30

Trade-off Between Linux Security and Serviceability - Takao Indoh, Fujitsu
A security is one of hot topic around Linux ecosystem since Heartbleed in 2014. Many security features were introduced into Linux kernel, for example, KASLR (Kernel Address Space Location Randomization), KPTI (Kernel Page Table Isolation), and so on. On the other hand, these feature makes it difficult to investigate trouble when problem happens to the system. Basically security feature hides kernel information from the attacker for the security, while it also hides the information from those who are trying to find out a root cause of problems. In this presentation, I'll explain kernel security feature and an effort to overcome the problem of Linux kernel crash dump mechanism, caused by such a security feature. Also explain hardware encryption feature (AMD SME, Intel MKTME) and how to enable dump feature with them.

Speakers
TI

Takao Indoh

Senior Professional Engineer, Fujitsu
Takao Indoh has been working for support service of Linux system in Fujitsu since 2001, especially working for crash dump for mission critical server, and has also committed several open source communities relevant to crash dump framework, LKCD(Linux Kernel Crash Dump), diskdump... Read More →


Wednesday July 17, 2019 13:30 - 14:10
Meeting Room 1 (Floor 5F)

14:20

Developing Open-Source Software RTOS with Functional Safety in Mind - Anas Nashif, Intel
Open-source software development and how open-source projects are run is often
seen as incompatible with functional safety requirements and established
processes and standards. Open-source has been used on a
regular basis in applications with safety requirements however in most cases
the open-source software is forked and developed behind closed doors to comply
with safety standards and processes and using existing infrastructure and tools
not common or not available in public and in open-source.

This talk will show how the Zephyr project is moving to a new development
model and methodology that uses existing and public tools to address many of
the requirements and foundations that would help with using Zephyr in
applications with functional safety requirements.

Speakers
avatar for Anas Nashif

Anas Nashif

Software Engineer, Intel
Anas Nashif works at Intel's Open Source Technology Centre. Anas is the acting TSC chair of the Zephyr project.



Wednesday July 17, 2019 14:20 - 15:00
Meeting Room 1 (Floor 5F)

15:10

A Memory Safe and OpenSSL-Compatible TLS Library in Rust - Yiming Jing, Baidu USA
TLS is a cornerstone of Internet security. But most existing TLS libraries are implemented with C/C++, which make them particularly susceptible to memory safety issues. Heartbleed, for example, is a buffer over-read vulnerability in OpenSSL that caused detrimental loss across the globe.

In 2018, Baidu open sourced MesaLink, a memory safe and OpenSSL-compatible TLS library implemented in the Rust programming language. Rust provides strong memory safety guarantees; most vulnerabilities can be detected and eliminated at compile-time. Rust also brings in unique new challenges, especially when we integrate Rust code with existing C code.

MesaLink has been in production at Baidu with >10M monthly active users. This talk covers an introduction to Rust, design decisions, memory safe system principles, and how Baidu replaced OpenSSL with MesaLink in production.

Speakers
avatar for Yiming Jing

Yiming Jing

Security Scientist, Baidu USA
Dr. Yiming Jing is a security scientist at Baidu X-Lab. He has been working on Android security research and building secure software systems. He is the author and maintainer of MesaLink, a memory safe and OpenSSL-compatible TLS library. https://yimingjing.com


Wednesday July 17, 2019 15:10 - 15:50
Meeting Room 1 (Floor 5F)

16:20

The Road to Safety Certification: How the Xen Project is Making Progress within the Auto Industry and Beyond - Lars Kurth, Citrix Systems UK Ltd.
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.

In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.

Speakers
avatar for Lars Kurth

Lars Kurth

Director Open Source / Project Chairperson The Xen Project , Citrix Systems UK Ltd.
Lars Kurth is a highly effective, passionate community manager with strong experience of working with open source communities (Symbian, Symbian DevCo, Eclipse, GNU) and currently is the community manager for the Xen Project. Lars has 12 years of experience building and leading engineering... Read More →



Wednesday July 17, 2019 16:20 - 17:00
Meeting Room 1 (Floor 5F)