http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2015%2FAbstracts%2FReshetovaLinux Security Summit 2015/Abstracts/Reshetova - Revision history2026-05-07T12:03:55ZRevision history for this page on the wikiMediaWiki 1.36.1http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2015/Abstracts/Reshetova&diff=3569&oldid=prevJamesMorris: Created page with "== Title == Assembling Secure OS Images == Presenter == Elena Reshetova, Intel == Abstract == With the ongoing explosion of different embedded and mobile devices, both bi..."2015-07-01T13:26:37Z<p>Created page with "== Title == Assembling Secure OS Images == Presenter == Elena Reshetova, Intel == Abstract == With the ongoing explosion of different embedded and mobile devices, both bi..."</p>
<p><b>New page</b></p><div>== Title ==<br />
<br />
Assembling Secure OS Images<br />
<br />
== Presenter ==<br />
<br />
Elena Reshetova, Intel<br />
<br />
== Abstract ==<br />
<br />
With the ongoing explosion of different embedded and mobile devices, both<br />
big vendors and small companies are attempting to create their flavour of<br />
Linux-based operating system that these devices will be running. Typically<br />
these OSes consist from a set of separate packages that have been put<br />
together and configured by different scripts running during the image build<br />
process. The question that can be raised in this environment is "How much<br />
can we tell about the security of the OS image just by analysing its parts<br />
at different stages of build process in an automated fashion?" <br />
<br />
There are many existing guides and tutorials for Linux-based systems that<br />
attempts to create some checklist of things that a system administrator<br />
needs to verify to ensure that OS has certain hardening mechanisms in place,<br />
as well as there are commercial solutions that attempt to analyse the<br />
running OS image and determine its security. However, to the author's<br />
knowledge there are no mechanisms available in open source that can provide<br />
analyse the security during the image build process and at the same time be<br />
easily integrated to build systems, easily extendable and configurable to<br />
reflect the security needs of the organization. <br />
<br />
The goal of the talk is to present a new project and initial prototype that<br />
attempts to address the gap described above, as well as to get a community<br />
feedback in order to determine the future direction of the project.</div>JamesMorris