Thursday Jan 07, 2010

Using the (Open)Solaris Service Management Facility as a Building Block for System Security

The Eleventh International Conference on Information and Communications Security (ICICS) 2009 was held December 14-17, 2009, Beijing, China. My paper entitled Using the (Open)Solaris Service Management Facility as a Building Block for System Security was accepted for publication. You can download the paper (pdf) as well as the presentation slides (pdf) I used for the talk.

Securing Cloud-based Services with OpenSolaris Security Features

Securing Cloud-based Services with OpenSolaris Security FeaturesThe 25th Annual Computer Security Applications Conference (ACSAC) was held in Honolulu, HI from Dec. 7-11, 2009. As many of you know I have been contributing for many years in various different organizing functions for the conference. As proceedings chair in 2009 I was responsible for producing the paper proceedings jointly with the IEEE CPS.

In addition, I gave a presentation ACSAC's Cloud Security Workshop on Dec. 8, 2009, entitled Securing Cloud-based Services with OpenSolaris Security Features.  You can download the presentation in pdf format. The talk basically explored to what extent you can lock down a Solaris-based golden image you may want to host in a cloud environment.[Read More]

Friday Oct 09, 2009

Oracle OpenWorld - Protecting Oracle with Solaris Security - Talk and Demonstration

Oracle OpenWorld 2009Glenn Faden and I put together a presentation and elaborate demonstration system where we show off how the Solaris Security features can be used to really lock down an Oracle Database installation. It is entitled Protecting Applications with Built-In Solaris Security Features (pdf) (Session S312612).

Glenn presented the talk at Oracle OpenWorld in San Francisco on Monday October 12, 2009 14:30-15:30 in the Marriott Hotel adjacent to Moscone Center in Salon 6. Together with additional demo booth staff we also presented the demonstration on a live, Niagara II-based server (Sun SPARC Enterprise T5220) in the Sun demo booth #1101, Moscone South Hall.

(Open)Solaris Security Summit - Nov. 3, 2009 - Co-located with Usenix LISA

(Open)Solaris Security SummitI am co-organizing the (Open)Solaris Security Summit, a free, one day event on November 3, 2009 co-located with the Usenix LISA 2009 conference in the Baltimore Marriott Waterfront, Baltimore, MD.  It is an all-day event and free to attend (Register Here). We have a very exciting program lined up with Bill Cheswick from AT&T as our keynote speaker, followed by technical talks on various Solaris security technologies, such as Solaris Trusted Extensions, Encrypted Storage, and a case study how to really lock down networked services with the wealth of Solaris security mechanisms.

[Read More]

Wednesday Jul 22, 2009

OpenSolaris Security BoF on 23 July 2009 8PM at OSCON, San Jose, CA.

OSCON 2009 July 23, San Jose, CA

OSOSOS - Offering Security in OpenSource Operating Systems

Location: San Jose Convention Center. Ballroom A3/A6
Date/Time: Thu. July 23, 2009 - 8pm

Moderated by: Christoph Schuba

Many operating system security mechanisms are necessary for developers to build secure software. While this session presents a few such mechanisms available and under development in OpenSolaris, it primarily seeks the dialogue and discussion how important these features are and how they compare to those of other OSes.

Speakers will do short talks on the Cryptographic Framework (Valerie Fenwick), Priveleges (Scott Rotondo) and Zones/TX (Glenn Faden), followed by a panel from all presenters, plus Christoph Schuba and Glenn Barry (Kerberos Guru).

BoFs are free, you just need to register for the expo pass (also free!) On-site registration is also possible, should you decide last minute to join us!

Wednesday May 27, 2009

Solaris Security Demonstrations

In previous posts, I presented a few tools that can be used to generate technology demonstrations to a broader audience. By popular demand, I am posting now the three demonstrations I have developed and have been giving to various audiences around the world at Sun's Technology Developer Conferences (TechDays.)

You can access these flash-based demonstrations here:

[Read More]

Friday May 15, 2009

Video Recording of my Sun TechDays Talk in St. Petersburg (April 9, 2009)

Russian Youtube video of Christoph Schuba's Sun TechDays talk: Developing and Deploying Securely The talk entitled "Developing and Deploying Securely" that I gave at the Sun Technology Days in St. Petersburg on April 9, 2009 was recorded and posted to the Russian equivalent of Youtube. Click on the image and you can watch it. The audio track is my voice - I was wondering if they would play the translator's voices over it. I am also posting the slides here again, so if you are interested, you can follow along. Most of the time it is impossible to see anything on the video screen in the background.


[Read More]

Wednesday Apr 01, 2009

Presentation on Cloud Security at CERIAS/Purdue University

CERIAS LogoOn March 24, 2009 I gave a presentation (pdf) on Cloud Security at the 10th Annual CERIAS SymposiumCERIAS is located at Purdue University and stands for Center for Education and Research in Information Assurance and Security.  A nicely written summary of the presentations and Q&A was posted by the folks at Purdue.

[Read More]

Monday Dec 15, 2008

Any Day now... Solaris Security Essentials Book on Safari Books Online

Solaris Security Essentials A couple of us in the Solaris Security engineering organization at Sun Microsystems have contributed to a book on Solaris Security. It covers the state of the art as of the Solaris Enterprise release, Solaris 10, Update 5.
A copy was alread released on Safari Books Online

Click HERE for early access!

[Read More]

Thursday Dec 11, 2008

New Sun BluePrint entitled Security Advantages of the Solaris Zones Software

Security Advantages of the Solaris Zones SoftwareCheck out my new Sun Blueprint (pdf) entitled Security Advantages of the Solaris Zones Software. It provides a hands-on introduction to the Solaris Zones architecture and discusses in details some of the security advantages of OS virtualization in the context of Solaris zones.

Schuba, Christoph. Security Advantages of the Solaris Zones Software. Sun BluePrints Online, Part No 820-7136-10. December 2008.

[Read More]

Wednesday Sep 17, 2008

New Solaris Security Presentation for TechDays 2009

I just finished putting together the presentation that will be given at the 2009 Sun Technology Developer Days, short TechDays, events across the globe. I'll be giving the presentation in a few weeks in São Paulo, Brazil, others will deliver it in Cities such as Seoul, Beijing, and London. If you've never been to TechDays, check out the web site - these (usually free) events are a great opportunity to learn the latest and hottest Sun technologies.  You can download the slides in PDF as well as their OpenOffice source format ODP. The latter version includes extensive sets of notes that help to understand the slides. The presentation includes a lot of code and administration examples.

If you want to learn about (Open)Solaris RBAC, Privileges, the Cryptographic Framework, as well as a number of ongoing OpenSolaris security projects, this presentation is for you!

[Read More]

Tuesday Sep 16, 2008

Towards Running Trusted Extension with OpenSolaris 2008.11

This blog entry is related to the one that Glenn Faden published recently, entitled "Running Trusted Extensions with opensolaris.2008.05". I updated Glenn's posting to describe how to get Trusted Extensions running on the OpenSolaris 2008.11 distribution.
The release 2008.11 is scheduled for  November this year, hence the name...

Now, since that's not actually out yet, I am starting with the OpenSolaris 2008.05 distribution and am moving to the OpenSolaris development build 97. I will update this blog as newer builds integrate some of the work-arounds described below, to keep the instructions minimal and as simple as possible. Whenever I know the build number for which the fix is expected, I will add them to the text below.

[Read More]



« July 2016