Day 1 (Storage Protection and Virtualization):
Slot 1: Introduction and Filesystem Security
- Introduction and Recap of Linux Security Basics
- Lab: Demonstration and Explanation of an Exploit
- What is not covered and where can it be found?
- Filesystem Integrity/Encryption
- Lab: Setup special filesystems
Slot 2: Virtualization Methods
- Process (Group) Isolation and secure IPC with Virtualization Techniques
- Lab: Experiments with virtualization technologies
Day 2 (Kernel Security Mechanisms):
Slot 1: Capabilities, Cgroups, Seccomp
- Capabilities, Cgroups and Seccomp
- Lab: Configurations with Cgroups
- Lab: Applications of Seccomp and Capabilities
Slot 2: Linux Security Modules (LSM)
- LSM, Implementations and Policies
- Lab: LSM Setup
- Secure Virtualized System Construction Example
Day 3 (Hardware-Based Protection Mechanisms and Outlook):
Slot 1: Trusted Computing and Secure Hardware
- HSMs and Secure Elements
- Trusted Computing and (Remote) Attestation for Linux
- Lab: IMA/TPM Application and Remote Attestation
Slot 2: Hardware Virtualization and Security Extensions
- Intel-VT and AMD-V Virtualization Technologies
- TEEs (ARM Trustzone, Intel TXT/AMD SVM, Intel SGX, AMD SME/SEV)
- Lab: Applications with Trusted Hardware
Slot 3: Selected Topics and Research
- Kernel Information Leakages
- Coldboot Attacks
- Lab: Analysis of Main Memory
- RAM Encryption