September 13-16, 2022
Dublin, Ireland + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Irish Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Thursday, September 15 • 17:05 - 17:45
Are you Sure your System Applications are Secure? Reduce Exploitation Risk via Application Specific Hardening - Kjell Pirschel, ETAS GmbH & Philipp Ahmann, Robert Bosch GmbH

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Any connected IoT system or elements thereof (no matter if application or library) will be confronted with various kind of attacks. There is never a guarantee to be 100% secure. As consequence, it must be accepted, that security issues will occur in IoT applications in the future. Preventive measures have to be taken. 

Even if Bosch uses secure coding guidelines as well as various testing strategies to prevent security issues in its own development, vulnerabilities might be introduced at the interface boundary e.g. by a linked library. In addition, it is expected that not all kinds of security-related bugs can be fully eliminated from the code base. Already a missing compiler parameter can result in a larger attack surface.

With this expectation in mind the idea came up, which exploit mitigations and measures can be applied to enhance the security of a system containing possibly unsecure applications. Discretionary and mandatory access control as well as systemd configurations were picked to evaluate and tailor chosen services (like connman and blueZ) in a plain APERTIS based IoT image. Those additional tailored configurations shall provide service isolation and enhanced exploit mitigation using Linux kernel features which are described in this talk.

avatar for Kjell Pirschel

Kjell Pirschel

IT Security Consultant, ETAS GmbH
Kjell Pirschel is a security consultant with focus on embedded security. He brings experience in different projects – from Linux security over post-quantum cryptography to security processes and solutions in the automotive sector.He studied computer science with a focus on computer... Read More →
avatar for Philipp Ahmann

Philipp Ahmann

Product Manager, Bosch
Philipp Ahmann is a technical business development manager at Robert Bosch GmbH with focus on Open Source activities. He represents the ELISA project of the Linux Foundation as technical steering committee chair and is a member of the Linux Foundation Europe Advisory Board. He has... Read More →

Thursday September 15, 2022 17:05 - 17:45 IST
Liffey Hall 1 (Level 1)
  Embedded Linux Conference (ELC), Security