This instructor-led course provides an understanding of the Linux kernel security model and the mechanisms used to secure the operating system.
INSTRUCTOR-LED COURSE
Security and the Linux Kernel (LFD441)
Who Is It For
This course is designed for systems level programmers or kernel engineers who want to learn more about the security options provided by the Linux kernel, as well as userspace developers who want to learn more about Linux kernel security mitigations. Learners should know how to build a Linux kernel, write and use Linux kernel modules, as well as have basic Linux command line and system administration skills.
read less
read more
What You’ll Learn
The course covers the fundamentals of Linux kernel security, including memory protection, process management, system calls, and filesystem security. Students will learn about various security mechanisms in the Linux kernel, such as Mandatory Access Control (MAC), Linux Security Modules (LSM), and secureboot. Throughout the course, students will gain hands-on experience in securing both userspace and the Linux kernel through various security mechanisms.
read less
read more
What It Prepares You For
This course prepares students to be able to secure a system using the various mechanisms and systems available as part of the Linux kernel and operating system. These skills can be used to secure anything from embedded systems, to mobile computers, desktop systems, servers or virtual machines.
read less
read more
Introduction
- Who You Are
- The Linux Foundation{
- Copyright and No Confidential Information
- The Linux Foundation{ Training
- Certification Programs and Digital Badging
- Linux Distributions
- Platforms
- Things Change in Linux and Open Source Projects
Preliminaries
- Kernel Sources and Use of git
Lab environment
- Why proxmox {?
- Our Lab Environment
- Labs
How to Work in OSS Projects **
- Know Where the Code is Coming From: DCO and CLA
- Stay Close to Mainline for Security and Quality
- Study and Understand the Project DNA
- Figure Out What Itch You Want to Scratch
- Identify Maintainers and Their Work Flows and Methods
- Get Early Input and Work in the Open
- Contribute Incremental Bits, Not Large Code Dumps
- Leave Your Ego at the Door: Don't Be Thin-Skinned
- Be Patient, Develop Long Term Relationships, Be Helpful
Reducing Attack Surfaces
- Types of Security
- Vulnerabilities
- Layers of Protection
- Software Exploits
- Labs
Kernel Features
- User-Space vs. Kernel-Space
- What are System Calls?
- Available System Calls
- Scheduling Algorithms and Task Structures
- Process Context
- Labs
Kernel Deprecated Interfaces
- __deprecated
- BUG() and BUG_ON()
- Computed Sizes for kmalloc()
- simple_strtol() Family of Routines
- strcpy(), strncpy(), strlcpy()
- printk() %p Format Specifier
- Variable Length Arrays
- Switch Case Fall-Through
- Zero-Length and One-Element Arrays in Structs
Address Space Layout Randomization (ASLR)
- How to Use ASLR
- Disabling ASLR for Specific Programs
- Kernel Configuration
- Kernel Address Space Layout Randomization (KASLR)
- How KASLR Works
- Enabling KASLR
- Labs
Kernel Structure Layout Randomization
- How Structure Randomization Works
- Structure Initialization
- Opt-in vs Opt-out
- Partial Randomization
- Enabling Structure Randomization
- Building Out-of-tree Modules with Structure Randomization
Introduction to Linux Kernel Security
- Discretionary Access Control (DAC)
- POSIX ACLs
- POSIX Capabilities
- Namespaces
- Linux Security Modules (LSM)
- Netfilter
- Cryptographic Methods
- The Kernel Self Protection Project
CGroups
- Overview
- Components of CGroup
- cgroup initialization
- cgroup Activation
- cgroups Parameters
- Testing cgroups
- systemd and cgroups
- Labs
eBPF
- eBPF
- Installation
- bcc Tools
- bpftrace
- Labs
Seccomp
- The seccomp Interface
- seccomp Strict Mode
- seccomp Filter Mode
- Labs
Secure Boot
- Secure Boot x86
- Embedded Systems Secure Boot
- Labs
Module Signing
- Basics of Signatures
- Module Signing Keys
- Enabling Module Signature Verification
- How It Works
- Signing Modules
- Labs
Integrity Measurement Architecture (IMA)
- Conceptual Operations
- Modes of Operation
- Collect Mode textit {(Collect and Store)
- Logging Mode textit {(Appraise and Audit)
- Enforcing Mode textit {(Appraise and Protect)
- Extended Verification Module (EVM)
- Labs
DM-Verity
- How dm-verity Works
- Enabling dm-verity
- Setting up dm-verity
- Using dm-verity
- Signing with dm-verity
- Booting with dm-verity
- Labs
Encrypted Storage
- Data Encryption Solutions
- Survey of Storage Encryption Options
- Block Encryption
- Block Encryption Use
- Filesystem Encryption
- Filesystem Encryption Use
- Layered Filesystem Encryption
- Layered Filesystem Encryption Use
- Labs
Linux Security Modules (LSM)
- LSM Basics
- LSM Choices
- How LSM Works
- An LSM Example: Yama
- Labs
SELinux
- SELinux Overview
- SELinux Modes
- SELinux Policies
- Context Utilities
- SELinux and Standard Command Line Tools
- SELinux Context Inheritance and Preservation**
- restorecon**
- semanage fcontext**
- Using SELinux Booleans**
- getsebool and setsebool**
- Troubleshooting Tools
- Labs
AppArmor
- Checking Status
- Modes and Profiles
- Profiles
- Utilities
Yama (LSM)
- Configuring Yama
- How Yama Works
- Labs
LoadPin (LSM)
- Enabling LoadPin
- Using LoadPin
- How LoadPin Works
Lockdown
- Lockdown Modes
- What Things are Locked Down?
- How It Works
- A Few Notes
- Labs
Safesetid
- Configuring Safesetid
- How Safesetid Works
- Labs
Netfilter
- Netfilter Hooks
- Netfilter Implementation
- Hooking into Netfilter
- Iptables
- nftables
- Labs
Netlink Sockets**
- Opening a netlink Socket
- netlink Messages
- Labs
Closing and Evaluation Survey
Kernel Architecture I
- Monolithic and Micro Kernels
- Object-Oriented Methods
- Main Kernel Components
- User-Space and Kernel-Space
Kernel Programming Preview
- Memory Allocation
- Transferring Data between User and Kernel Spaces
- Object-Oriented Inheritance - Sort Of
- Linked Lists
- Jiffies
- Labs
Modules
- A Trivial Example
- Compiling Modules
- Modules vs Built-in
- Module Utilities
- Automatic Module Loading
- Module Usage Count
- Module Licensing
- Exporting Symbols
- Resolving Symbols **
- Labs
Kernel Architecture II
- Kernel Preemption
- Real Time Preemption Patch
- Labs
Kernel Configuration and Compilation
- Kernel Browsers
- Kernel Configuration Files
- Kernel Building and Makefiles
- initrd and initramfs
- Labs
Kernel Style and General Considerations
- Using Generic Kernel Routines and Methods
- Making a Kernel Patch
- sparse
- Using likely() and unlikely()
- Writing Portable Code, CPU, 32/64-bit, Endianness
- Writing for SMP
- Writing for High Memory Systems
- Power Management
- Keeping Security in Mind
- Labs
Race Conditions and Synchronization Methods
- Atomic Operations
- Bit Operations
- Spinlocks
- Seqlocks
- Disabling Preemption
- Mutexes
- Semaphores
- Completion Functions
- Read-Copy-Update (RCU)
- Reference Counts
- Labs
Memory Addressing
- Systems With and Without MMU and the TLB
- Memory Addresses
- High and Low Memory
- Memory Zones
- Special Device Nodes
- NUMA
- Paging
- Page Tables
- page structure
- Labs
Memory Allocation
- Buddy System
- Slabs and Cache Allocations
- Memory Pools
- kmalloc()
- vmalloc()
- Early Allocations and bootmem()
- Memory Defragmentation
- Labs
These sections may be considered in part or in whole as optional. They contain either background reference material, specialized topics, or advanced subjects. The instructor may choose to cover or not cover them depending on classroom experience and time constraints.
Prerequisites
- Be proficient in the C programming language.
- Be familiar with basic Linux (UNIX) utilities such as ls, grep and tar.
- Be comfortable using any of the available text editors (e.g. emacs, vi, etc.).
- Experience with any major Linux distribution is helpful but not strictly required.
- Have experience equivalent to having taken LFD420: Linux Kernel Internals and Development.
Pre-class preparation material will be provided before class.
Nov 2024
The wide range of topics covered. Attending it virtually made it much easier to attend as well.
Sep 2024
Having examples to run, and the opportunity to play around in menuconfig, are always helpful when learning about the kernel.
Sep 2024
The labs were very well developed, and everything was ready to be run.
Jun 2024
I appreciated how easy it was made to recompile a kernel from the sources, and the overall presentation of the different kernel features as well as how the development of the kernel is taking place has been demystified.
Apr 2024
I really enjoyed having John as the instructor, he explained things well without getting too into the weeds, but still covered it well that I was constantly learning new things, and knew where to go to dig more into something myself.
Apr 2024
This was my first LFD offline training. The pace was good, and we covered all the material. John was well-prepared, professional, well-spoken, and funny.
Apr 2024
My favorite part was the labs, specifically the netfilter labs. I was able to deepen my skills here, and I felt accomplished doing so. It was challenging, but not too challenging to be frustrating.
Apr 2024
The broadness of the course material, it covered a lot. As a result I know which areas I will need to focus on, and which classes will be needed to advance my learning.
Apr 2024
I like the breadth of knowledge, i.e., going over all the features that could be considered kernel security features. I also liked that we got a good idea of how the different features were implemented, not just how to use them.
$3250
Jan, 27 - 30, 2025
9:00 am - 5:00 pm US/Central
Virtual, Instructor-Led
GUARANTEED With Next Enrollment
Classes will be guaranteed to run with next enrollment.
Mar, 3 - 6, 2025
9:00 am - 5:00 pm US/Central
Virtual, Instructor-Led
Dates don't work? Check out our partner schedule
Live Online (Virtual) or Live (Classroom)
4 days of Instructor-led class time
Hands-on Labs & Assignments
Resources & Course Manual
Certificate of Completion
Digital Badge
