Brussels / 31 January & 1 February 2015


Software isolation in Linux

as used in the development of openconnect VPN server


During the development of the openconnect VPN server, a decision was taken to compartmentalize the server in order to protect any sensitive values exchanged, ranging from the data transferred by users to the data used during the authentication process. This talk will summarize the issues faced during that development that relate to software isolation. It will cover issues with protecting the server's keys via TLS, the client-side authentication of TLS, and PAM authentication, and how they were solved.


Speakers

Nikos Mavrogiannopoulos
