Brussels / 1 & 2 February 2020

schedule

Security devroom


09 10 11 12 13 14 15 16 17 18
Saturday Threat Modelling for Developers OSINT
do you really know what data you are leaking to the public?
Securing Existing Software using Formally Verified Libraries SpecFuzz: Bringing Spectre-type vulnerabilities to the surface Falco Internals 101 : Syscalls processing for security analysis
What happens when you have: syscalls, a kernel module, an eBPF probe and a Ring Buffer?
Docker Security considerations & Incident Analysis Incrementality and deck functions
Simple protocols and efficient constructions in symmetric cryptography
How Transparent Data Encryption is built in MySQL and Percona Server ? Secure logging with syslog-ng
Forward integrity and confidentiality of system logs
Protecting plaintext secrets in configuration files Application Whitelisting in Linux Environment seccomp — Your Next Layer of Defense Kernel Runtime Security Instrumentation
LSM+BPF=KRSI
Using SELinux with container runtimes The hairy issue of e2e encryption in instant messaging What you most likely did not know about sudo…

The security devroom topic this year is Practial use of security technologies.

This covers security protocols and their usability, the usability of the open source crypto libraries and applications from both developer and user side, pitfails of using crypto, security threats, vulnerabilities and their mitigations in real-world use cases. We welcome presentations which elaborate on these topics, and presentations that analyze other's solutions.

See https://github.com/security-devroom/fosdem-2020 for more information.

Event Speakers Start End

Saturday

  Threat Modelling for Developers Arne Padmos 10:30 10:55
  OSINT
do you really know what data you are leaking to the public?
David Busby 11:00 11:25
  Securing Existing Software using Formally Verified Libraries Tobias Reiher 11:30 11:55
  SpecFuzz: Bringing Spectre-type vulnerabilities to the surface Oleksii Oleksenko 12:00 12:25
  Falco Internals 101 : Syscalls processing for security analysis
What happens when you have: syscalls, a kernel module, an eBPF probe and a Ring Buffer?
Lorenzo Fontana 12:30 12:55
  Docker Security considerations & Incident Analysis John Lionis 13:00 13:25
  Incrementality and deck functions
Simple protocols and efficient constructions in symmetric cryptography
Gilles Van Assche 13:30 13:55
  How Transparent Data Encryption is built in MySQL and Percona Server ? Robert Golebiowski 14:00 14:25
  Secure logging with syslog-ng
Forward integrity and confidentiality of system logs
Stephan Marwedel 14:30 14:55
  Protecting plaintext secrets in configuration files Moisés Guimarães 15:00 15:25
  Application Whitelisting in Linux Environment Radovan Sroka 15:30 15:55
  seccomp — Your Next Layer of Defense Philipp Krenn 16:00 16:25
  Kernel Runtime Security Instrumentation
LSM+BPF=KRSI
Florent Revest 16:30 16:55
  Using SELinux with container runtimes Lukas Vrabec 17:00 17:25
  The hairy issue of e2e encryption in instant messaging Winfried Tilanus 17:30 17:55
  What you most likely did not know about sudo… Peter Czanik 18:00 18:25