By user9159837 on Mar 15, 2011
This Blog is moving soon to a blogspot hosted on Oracle.com.
See you there!
The Eleventh International Conference on Information and Communications Security (ICICS) 2009 was held December 14-17, 2009, Beijing, China. My paper entitled Using the (Open)Solaris Service Management Facility as a Building Block for System Security was accepted for publication. You can download the paper (pdf) as well as the presentation slides (pdf) I used for the talk.
The 25th Annual Computer Security Applications Conference (ACSAC) was held in Honolulu, HI from Dec. 7-11, 2009. As many of you know I have been contributing for many years in various different organizing functions for the conference. As proceedings chair in 2009 I was responsible for producing the paper proceedings jointly with the IEEE CPS.In addition, I gave a presentation ACSAC's Cloud Security Workshop on Dec. 8, 2009, entitled Securing Cloud-based Services with OpenSolaris Security Features. You can download the presentation in pdf format. The talk basically explored to what extent you can lock down a Solaris-based golden image you may want to host in a cloud environment.[Read More]
Glenn Faden and I put together a presentation and elaborate demonstration system where we show off how the Solaris Security features can be used to really lock down an Oracle Database installation. It is entitled Protecting Applications with Built-In Solaris Security Features (pdf) (Session S312612).
I am co-organizing the (Open)Solaris Security Summit, a free, one day event on November 3, 2009 co-located with the Usenix LISA 2009 conference in the Baltimore Marriott Waterfront, Baltimore, MD. It is an all-day event and free to attend (Register Here). We have a very exciting program lined up with Bill Cheswick
from AT&T as our keynote speaker, followed by technical talks on
various Solaris security technologies, such as Solaris Trusted
Extensions, Encrypted Storage, and a case study how to really lock down
networked services with the wealth of Solaris security mechanisms.
OSOSOS - Offering Security in OpenSource Operating Systems
Location: San Jose Convention Center. Ballroom A3/A6
Date/Time: Thu. July 23, 2009 - 8pm
Moderated by: Christoph Schuba
Many operating system security mechanisms are necessary for developers to build secure software. While this session presents a few such mechanisms available and under development in OpenSolaris, it primarily seeks the dialogue and discussion how important these features are and how they compare to those of other OSes.
Speakers will do short talks on the Cryptographic Framework (Valerie Fenwick), Priveleges (Scott Rotondo) and Zones/TX (Glenn Faden), followed by a panel from all presenters, plus Christoph Schuba and Glenn Barry (Kerberos Guru).
BoFs are free, you just need to register for the expo pass (also free!) On-site registration is also possible, should you decide last minute to join us!
It's time to post an update for the scripting tools some of us have been using for automating OpenSolaris technology demonstrations. The latest code drop is here. The tar files contains everything that was posted previously, including a bug fix and a new crypto framework demo script that shows how to use soft tokens for persistent key storage across reboots. Scott Rotondo also contributed a python script called makedemo that automates the creation of demo scripts from a shell script. For detailed instructions how to use these tools, please refer to my earlier blog entry.
The presentation I gave at the CommunityOne 2009 conference is now available online. I presented a talk enitled "(Open)Solaris Operating System Secure Deployment" in the system administration track on Monday, June 1, 2009. This slide deck was used for the presentation. I also presented the demonstration of RBAC and the demonstration of the Cryptographic Framework that I posted previously as recordings during the talk.
In previous posts, I presented a few tools that can be used to generate technology demonstrations to a broader audience. By popular demand, I am posting now the three demonstrations I have developed and have been giving to various audiences around the world at Sun's Technology Developer Conferences (TechDays.)
You can access these flash-based demonstrations here:
The talk entitled "Developing and Deploying Securely" that I gave at the Sun Technology Days in St. Petersburg on April 9, 2009 was recorded and posted to the Russian equivalent of Youtube. Click on the image and you can watch it. The audio track is my voice - I was wondering if they would play the translator's voices over it. I am also posting the slides here again, so if you are interested, you can follow along. Most of the time it is impossible to see anything on the video screen in the background.
Monday 5/11/09 I gave a short presentation and demonstration at our Solaris Security Staff meeting showing how simple it is to create flash-based demos of the technology we are working on in OpenSolaris. Obviously, the same process could be used for creating flash files of lots of other things. Check out the presentation slides if you are interested. I'll post a few of the flash files in this blog entry soon.[Read More]
On March 24, 2009 I gave a presentation (pdf) on Cloud Security at the 10th Annual CERIAS Symposium. CERIAS is located at Purdue University and stands for Center for Education and Research in Information Assurance and Security. A nicely written summary of the presentations and Q&A was posted by the folks at Purdue.
Paper accepted at IWMSE'09, entitled Transparent Multi-core Cryptographic Support on Niagara CMT Processors (pdf).
James Hughes, Gary Morton, Jan Pechanec, Lawrence Spracklen, Bhargava Yenduri, and I co-authored a paper that explores how the Solaris Cryptographic Framework takes transparently advantage of our Niagara multi-core CPU processor line. The paper was accepted for publication and presentation at the Second International Workshop on Multicore Software Engineering (IWMSE09) on May 18, 2009, co-located with the 31st International Conference on Software Engineering (ICSE), May 16-24, 2009 in Vancouver, Canada.[Read More]
Check out my new Sun Blueprint (pdf) entitled Security Advantages of the Solaris Zones Software. It provides a hands-on introduction to the Solaris Zones architecture and discusses in details some of the security advantages of OS virtualization in the context of Solaris zones.
Schuba, Christoph. Security Advantages of the Solaris Zones Software. Sun BluePrints Online, Part No 820-7136-10. December 2008.[Read More]
This blog entry represents an update to my earlier blog on "Scripting technology demonstrations in (Open)Solaris". I created this entry, because I rewrote the software to include new functionality and to no longer require a C compiler. Everything's in Perl now. Some of the text below is duplicated from my original blog entry, but I figured it's easier on readers to find all information in a single blog entry rather than having to jump back and forth. For the impatient readers, here's what's new:
I just finished putting together the presentation that will be given at the 2009 Sun Technology Developer Days,
short TechDays, events across the globe. I'll be giving the
presentation in a few weeks in São Paulo, Brazil, others will deliver
it in Cities such as Seoul, Beijing, and London. If you've never been
to TechDays, check out the web site
- these (usually free) events are a great opportunity to learn the
latest and hottest Sun technologies. You can download the slides in PDF as well as their OpenOffice source format ODP.
The latter version includes extensive sets of notes that help to
understand the slides. The presentation includes a lot of code and
If you want to learn about (Open)Solaris RBAC, Privileges, the Cryptographic Framework, as well as a number of ongoing OpenSolaris security projects, this presentation is for you!
This blog entry is related to the one that Glenn Faden published recently, entitled "Running Trusted Extensions with opensolaris.2008.05". I updated Glenn's posting to describe how to get Trusted Extensions running on the OpenSolaris 2008.11 distribution. The release 2008.11 is scheduled for November this year, hence the name...
Jan Pechanec, Mark Phalan and I published a paper together entitled "New Security Features in OpenSolaris and Beyond" (pdf) at the OpenSolaris Developer Conference in Prague.