Your browser doesn't support the features required by impress.js, so you are presented with a simplified version of this presentation.

For the best experience please use the latest Chrome, Safari or Firefox browser.

Security Summit Keynote
Security and Boundaries


James Bottomley
CTO of Server Virtualization
About Me

 

Kernel Developer

  • SCSI Subsystem Maintainer
  • PA-RISC architecture Maintainer

Linux Foundation TAB

 

Not a
Security Person

 

 

 

 

 

 

 

 

 

 

 

UEFI Secure Boot

UEFI Secure Boot

Would love to give a detailed talk on this

Unfortunately, Matthew Garret got there before me

Instead, lets talk about some of the general problems raised by UEFI Secure boot

Key problem is security boundary

Also known as who trusts what

UEFI gives absolute control to platform owner. No trust to OS

But OS wants to make use of UEFI root of trust

Linux solves this by using SHIM to transition to OS root of trust

Basically, we subvert the UEFI root of trust

So, how should we do this properly?

Boundaries of Trust
First problem is "Should trust be absolute?"
That is the UEFI Model ... OS is subservient to UEFI root of trust
Problem also exists in modern Operating Systems
Consider networking
In the old days, OS controlled the network
Today, thanks to untrusted hypervisors, Users can access entire network L2 layer
Users could only create sockets with ports > 1024
Boundary of trust has shifted
Aside about Containers
Containers are no less nor more secure than hypervisors
Arguing over which is "more secure" is like arguing where the holes in a colendar should be
The only thing you can bet on is that containers shift the security boundary
Coping with a shifting security boundary means changing the way we trust things
Prediction vs Trust vs Verification
In Law enforcement, Predictive is considered Orwellian
Can't bang someone up just becuase you think they're going to commit a crime
In computing too, predictive models are currently too flawed.
Still get my email blocked because my netblock contains machines bought by spammers.
So if prediction doesn't work, where is the boundary between trust and verification?
Prevention works
Locks prevent theft
Atmospheric sedation would largely prevent crimes of violence
One is prudent, one damages utility.
Security is about finding the balance between utility and prevention
Also: Consider whom you're serving
I want security to serve me, not some admin in the IT dungeon
Password rotation policies biggest source of security problems in IT.
It's like the IT department is pushing it's problem (logging and verification) on to me (password rotation)
Ironically, this is one we can blame Microsoft for
Password rotation is a recommended part of Active Directory security policies
Need to make security more easily useful to the average person
Firefox password manager is a brillant example
I can actually remember strings of random numbers digits and punctuation
Well, about five of them, anyway
But this doesn't scale to hundreds
Which is the number of web accounts I have
2 Factor Authentication, help or hindrance?
Main problem is lack of interoperability across authentication domains
2 Factor vs security recovery
Recovery has to be simple (or at least possible)
Linux Security
In April, no Significant Vulnerability Problem
In May, not so much
Linux TTY
privilege escalation
Big Oops
Buffer overflows again
is C to blame?
Always have a plan B
The entire security of the internet depends on two unsolved mathematical problems
On the day either of these is solved, our internet security systems: SSL, TSL, go up in smoke
So what's our plan B?

Conclusions

If the boundary moves, embrace it
Security Systems always need to consider the consequences of implementation
Who are you serving (user, administrator, site ...)
And who should you be serving
Assisting the enterprise (or the administrator) can lead to loss of security
Best security helps the willing consumer do something they want to do
Strong verification is essential
But easy recovery in case of verification failure is also essential
Presented using impress.js by Bartek Szopka


Web Developer!
Thank You!
Questions?