May 10-12 | Vancouver, British Columbia + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit North America 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC-7. To see the schedule in your preferred timezone, select from the drop-down menu to the right, above "Filter by Date." 

The schedule is subject to change.

Back To Schedule
Thursday, May 11 • 2:00pm - 2:45pm
Building the Largest Working Set of Apparmor Profiles - Alexandre Pujol, The Collaboratory @TUDublin

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This talk tells the story of how we build the largest working set of apparmor profiles. The default set of apparmor profiles in Linux is small. It makes Apparmor less useful to prevent thread. apparmor.d is a work in progress project that aims to provide a full set of profiles tailored for all major Linux distributions: Debian, Ubuntu, OpenSUSE, Archlinux and Ubuntu Core. It includes over 1400 profiles; together, they ensure that most Linux processes remain confined. In this talk, we will be going over the main challenges we faced while working on these profiles. The security architecture of the profiles. How did we select the program to confine and why? As there are over 50000 Linux packages, we need to carefully select the profiles to write. How we use integration testing that uses Go, some VM and hundreds of both manually created and automatically generated tests to ensure the profiles do not break your setup. The profiles, tooling and documentation for the project has been published at https://github.com/roddhjav/apparmor.d

avatar for Alexandre Pujol

Alexandre Pujol

Security Researcher, The Collaboratory @TUDublin
Alexandre Pujol is a French security researcher at The Collaboratory @TUDublin. He is is graduated from a PhD Student in computer security & privacy in University College Dublin, Ireland. His area of work includes user privacy, secret management, and system security. He is the author... Read More →

Thursday May 11, 2023 2:00pm - 2:45pm PDT
Room 212-214
  Refereed Presentations, Intermediate
  • Session Slides Attached Yes