Tuesday Mar 15, 2011

Blog is moving!

This Blog is moving soon to a blogspot hosted on Oracle.com

See you there!


Thursday Jan 07, 2010

Using the (Open)Solaris Service Management Facility as a Building Block for System Security

The Eleventh International Conference on Information and Communications Security (ICICS) 2009 was held December 14-17, 2009, Beijing, China. My paper entitled Using the (Open)Solaris Service Management Facility as a Building Block for System Security was accepted for publication. You can download the paper (pdf) as well as the presentation slides (pdf) I used for the talk.

Securing Cloud-based Services with OpenSolaris Security Features

Securing Cloud-based Services with OpenSolaris Security FeaturesThe 25th Annual Computer Security Applications Conference (ACSAC) was held in Honolulu, HI from Dec. 7-11, 2009. As many of you know I have been contributing for many years in various different organizing functions for the conference. As proceedings chair in 2009 I was responsible for producing the paper proceedings jointly with the IEEE CPS.

In addition, I gave a presentation ACSAC's Cloud Security Workshop on Dec. 8, 2009, entitled Securing Cloud-based Services with OpenSolaris Security Features.  You can download the presentation in pdf format. The talk basically explored to what extent you can lock down a Solaris-based golden image you may want to host in a cloud environment.[Read More]

Friday Oct 09, 2009

Oracle OpenWorld - Protecting Oracle with Solaris Security - Talk and Demonstration

Oracle OpenWorld 2009Glenn Faden and I put together a presentation and elaborate demonstration system where we show off how the Solaris Security features can be used to really lock down an Oracle Database installation. It is entitled Protecting Applications with Built-In Solaris Security Features (pdf) (Session S312612).

Glenn presented the talk at Oracle OpenWorld in San Francisco on Monday October 12, 2009 14:30-15:30 in the Marriott Hotel adjacent to Moscone Center in Salon 6. Together with additional demo booth staff we also presented the demonstration on a live, Niagara II-based server (Sun SPARC Enterprise T5220) in the Sun demo booth #1101, Moscone South Hall.

(Open)Solaris Security Summit - Nov. 3, 2009 - Co-located with Usenix LISA

(Open)Solaris Security SummitI am co-organizing the (Open)Solaris Security Summit, a free, one day event on November 3, 2009 co-located with the Usenix LISA 2009 conference in the Baltimore Marriott Waterfront, Baltimore, MD.  It is an all-day event and free to attend (Register Here). We have a very exciting program lined up with Bill Cheswick from AT&T as our keynote speaker, followed by technical talks on various Solaris security technologies, such as Solaris Trusted Extensions, Encrypted Storage, and a case study how to really lock down networked services with the wealth of Solaris security mechanisms.

[Read More]

Wednesday Jul 22, 2009

OpenSolaris Security BoF on 23 July 2009 8PM at OSCON, San Jose, CA.

OSCON 2009 July 23, San Jose, CA

OSOSOS - Offering Security in OpenSource Operating Systems

Location: San Jose Convention Center. Ballroom A3/A6
Date/Time: Thu. July 23, 2009 - 8pm

Moderated by: Christoph Schuba

Many operating system security mechanisms are necessary for developers to build secure software. While this session presents a few such mechanisms available and under development in OpenSolaris, it primarily seeks the dialogue and discussion how important these features are and how they compare to those of other OSes.

Speakers will do short talks on the Cryptographic Framework (Valerie Fenwick), Priveleges (Scott Rotondo) and Zones/TX (Glenn Faden), followed by a panel from all presenters, plus Christoph Schuba and Glenn Barry (Kerberos Guru).

BoFs are free, you just need to register for the expo pass (also free!) On-site registration is also possible, should you decide last minute to join us!

Friday Jul 10, 2009

Scripting technology demonstrations in (Open)Solaris - V.3

OS 2009.06 - Security Demo screenshoptIt's time to post an update for the scripting tools some of us have been using for automating OpenSolaris technology demonstrations. The latest code drop is here.  The tar files contains everything that was posted previously, including a bug fix and a new crypto framework demo script that shows how to use soft tokens for persistent key storage across reboots. Scott Rotondo also contributed a python script called makedemo that automates the creation of demo scripts from a shell script. For detailed instructions how to use these tools, please refer to my earlier blog entry.

Monday Jun 15, 2009

Streaming Video of CommunityOne talk entitled (Open)Solaris Operating System Secure Deployment

CommunityOne Talk June 1, 2009 The presentation I gave at the CommunityOne 2009 conference is now available online. I presented a talk enitled "(Open)Solaris Operating System Secure Deployment" in the system administration track on Monday, June 1, 2009. This slide deck was used for the presentation. I also presented the demonstration of RBAC and the demonstration of the Cryptographic Framework that I posted previously as recordings during the talk.

Wednesday May 27, 2009

Solaris Security Demonstrations

In previous posts, I presented a few tools that can be used to generate technology demonstrations to a broader audience. By popular demand, I am posting now the three demonstrations I have developed and have been giving to various audiences around the world at Sun's Technology Developer Conferences (TechDays.)

You can access these flash-based demonstrations here:

[Read More]

Monday May 18, 2009

Transparent Multi-core Cryptographic Support on Niagara CMT Processors

I just presented a paper I co-authored at the second Internation Workshop on Multicore Software Engineering (IWMSE09) in Vancouver, Canada. I posted a blog entry a few weeks ago when the paper was accepted, but now I can also post the pdf slides.

[Read More]

Friday May 15, 2009

Highway 84

Highway 84
© 2005 by Christoph Schuba

[Read More]

Video Recording of my Sun TechDays Talk in St. Petersburg (April 9, 2009)

Russian Youtube video of Christoph Schuba's Sun TechDays talk: Developing and Deploying Securely The talk entitled "Developing and Deploying Securely" that I gave at the Sun Technology Days in St. Petersburg on April 9, 2009 was recorded and posted to the Russian equivalent of Youtube. Click on the image and you can watch it. The audio track is my voice - I was wondering if they would play the translator's voices over it. I am also posting the slides here again, so if you are interested, you can follow along. Most of the time it is impossible to see anything on the video screen in the background.


[Read More]

Creating Flash-based Technology Demos

Simple Tools and Process for Creating Flash-DemosMonday 5/11/09 I gave a short presentation and demonstration at our Solaris Security Staff meeting showing how simple it is to create flash-based demos of the technology we are working on in OpenSolaris. Obviously, the same process could be used for creating flash files of lots of other things. Check out the presentation slides if you are interested. I'll post a few of the flash files in this blog entry soon.

[Read More]

Speaking at CommunityOne West in San Francisco on June 1, 2009

CommunityOne West San FranciscoMy talk submission entitled "OpenSolaris Secure Deployment: Role-Based Access Control and the Cryptographic Framework" was accepted for presentation at the CommunityOne West Conference in San Francisco. The first day (which includes my talk) of CommunityOne is free to attend. My talk scheduled for the "Managing OpenSolaris" track, rooms ESP 304/306 in the Moscone Center in San Francisco on Monday, June 1, 4-4:50pm. See you there!
[Read More]

Wednesday Apr 01, 2009

Presentation on Cloud Security at CERIAS/Purdue University

CERIAS LogoOn March 24, 2009 I gave a presentation (pdf) on Cloud Security at the 10th Annual CERIAS SymposiumCERIAS is located at Purdue University and stands for Center for Education and Research in Information Assurance and Security.  A nicely written summary of the presentations and Q&A was posted by the folks at Purdue.

[Read More]

Thursday Feb 19, 2009

Paper accepted at IWMSE'09, entitled "Transparent Multi-core Cryptographic Support on Niagara CMT Processors."

ICSE09Paper accepted at IWMSE'09, entitled Transparent Multi-core Cryptographic Support on Niagara CMT Processors (pdf).

James Hughes, Gary Morton, Jan Pechanec, Lawrence Spracklen, Bhargava Yenduri, and I co-authored a paper that explores how the Solaris Cryptographic Framework takes transparently advantage of our Niagara multi-core CPU processor line. The paper was accepted for publication and presentation at the Second International Workshop on Multicore Software Engineering (IWMSE09) on May 18, 2009, co-located with the 31st International Conference on Software Engineering (ICSE), May 16-24, 2009 in Vancouver, Canada.

[Read More]

Monday Dec 15, 2008

Any Day now... Solaris Security Essentials Book on Safari Books Online

Solaris Security Essentials A couple of us in the Solaris Security engineering organization at Sun Microsystems have contributed to a book on Solaris Security. It covers the state of the art as of the Solaris Enterprise release, Solaris 10, Update 5.
A copy was alread released on Safari Books Online

Click HERE for early access!

[Read More]

Thursday Dec 11, 2008

New Sun BluePrint entitled Security Advantages of the Solaris Zones Software

Security Advantages of the Solaris Zones SoftwareCheck out my new Sun Blueprint (pdf) entitled Security Advantages of the Solaris Zones Software. It provides a hands-on introduction to the Solaris Zones architecture and discusses in details some of the security advantages of OS virtualization in the context of Solaris zones.

Schuba, Christoph. Security Advantages of the Solaris Zones Software. Sun BluePrints Online, Part No 820-7136-10. December 2008.

[Read More]

Friday Oct 31, 2008

Scripting technology demonstrations in (Open)Solaris - V.2

This blog entry represents an update to my earlier blog on "Scripting technology demonstrations in (Open)Solaris". I created this entry, because I rewrote the software to include new functionality and to no longer require a C compiler. Everything's in Perl now. Some of the text below is duplicated from my original blog entry, but I figured it's easier on readers to find all information in a single blog entry rather than having to jump back and forth. For the impatient readers, here's what's new:

  • Ease of portability: demotools are now completely written in Perl - no more C programs that require compilation
  • The demo tools routines are a Perl module now, easily integrated into your program

[Read More]

Thursday Oct 30, 2008

New Book Chapter on Solaris Trusted Extensions

Glenn Faden and I recently contributed a book chapter on Solaris Trusted Extensions (pdf version)  to Trent Jaeger's new book on Operating System Security, published by Morgan & Claypool Publishers. This book is part of the Synthesis Lectures on Information Security, Privacy and Trust. Check it out!
  • Jaeger, Trent. Operating System Security. Synthesis Lectures on Information Security, Privacy and Trust. Morgan & Claypool Publishers. 2008.

[Read More]

Thursday Oct 09, 2008

Scripting technology demonstrations in (Open)Solaris

Several folks have asked me to post the demo scripts and tools I use when presenting (Open)Solaris talks that contain live demonstrations. Initially I hesitated, primarily because these scripts and tools are embarassingly simple. Yet, because I was asked by several of folks, I decided to post them here. If you make improvements to these tools or scripts, please send me the code as I am planning on continuing to use (and document improvements of) this approach until I find something better.[Read More]

Wednesday Sep 24, 2008

New Virtualization Presentation for TechDays 2009

And I am involved with another presentation that will be given at the 2009 Sun Technology Developer Days, short TechDays, events across the globe. Nicolas Droux and I co-authored it, borrowing heavily from older presentations. It is entitled "Virtualization from the Desktop to the Enterprise". I will be delivering this talk in São Paulo, Brazil next week, back to back with the "Developing and Deploying Securely" presentation. (Read more about that presentation in my blog entry New Solaris Security Presentation for TechDays 2009.)

[Read More]

Wednesday Sep 17, 2008

New Solaris Security Presentation for TechDays 2009

I just finished putting together the presentation that will be given at the 2009 Sun Technology Developer Days, short TechDays, events across the globe. I'll be giving the presentation in a few weeks in São Paulo, Brazil, others will deliver it in Cities such as Seoul, Beijing, and London. If you've never been to TechDays, check out the web site - these (usually free) events are a great opportunity to learn the latest and hottest Sun technologies.  You can download the slides in PDF as well as their OpenOffice source format ODP. The latter version includes extensive sets of notes that help to understand the slides. The presentation includes a lot of code and administration examples.

If you want to learn about (Open)Solaris RBAC, Privileges, the Cryptographic Framework, as well as a number of ongoing OpenSolaris security projects, this presentation is for you!

[Read More]

Tuesday Sep 16, 2008

Towards Running Trusted Extension with OpenSolaris 2008.11

This blog entry is related to the one that Glenn Faden published recently, entitled "Running Trusted Extensions with opensolaris.2008.05". I updated Glenn's posting to describe how to get Trusted Extensions running on the OpenSolaris 2008.11 distribution.
The release 2008.11 is scheduled for  November this year, hence the name...

Now, since that's not actually out yet, I am starting with the OpenSolaris 2008.05 distribution and am moving to the OpenSolaris development build 97. I will update this blog as newer builds integrate some of the work-arounds described below, to keep the instructions minimal and as simple as possible. Whenever I know the build number for which the fix is expected, I will add them to the text below.

[Read More]

Wednesday Jul 09, 2008

Who am I? My biography.

Hello World!

My first blog entry should probably be about myself, so here is my professional biography - as time goes on, I am sure you'll get to read more about my hobbies and family, but for now I'll concentrate on my professional development.


[Read More]



« August 2016