Speaker
Description
Ubuntu is a collection of many software programs that function together. Sometimes, these applications may have more permissions than they actually need, which can make them a good target for attackers. For example, imagine you install a simple image viewer, but because of its weak security settings, it can read your private documents, access the internet, or even modify system files. If an attacker were able to find a vulnerability in such an application, they could possibly use that to compromise the whole system.
Without proper restrictions, an application could accidentally or maliciously perform actions beyond what it should. AppArmor helps fix this by allowing us to define exactly what an application can and cannot do.
In this workshop, we will:
- Learn the basics of AppArmor and how it works.
- Understand how to check an application’s current permissions.
- Write a basic AppArmor profile to restrict an application’s access.
- Test the profile to see how it improves security.
- Learn how to troubleshoot and refine AppArmor profiles.
By the end of the workshop, we will be able to create AppArmor profiles that enhance the security of applications running on our system.
An AppArmor profile creates a shield around our application. It defines what files, network resources, and system capabilities the application can access. For example, if we define the following rule for the image viewer, it can only access files that end with jpeg, jpg or png, which significantly reduces the attack surface:
file r /**.{jpeg,jpg,png},
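To show where that rule sits in a complete profile, here is an added example that is not part of the original session material. The binary path `/usr/bin/example-viewer`, the profile name, and the `~/Pictures` location are hypothetical.

```apparmor
# Constructed example: /usr/bin/example-viewer is a hypothetical binary path.
include <tunables/global>

profile example-viewer /usr/bin/example-viewer {
  # Shared libraries, locale data and other basics every program needs.
  include <abstractions/base>

  # The viewer may map and read its own executable.
  /usr/bin/example-viewer mr,

  # The rule from the text: read-only access to image files anywhere on
  # the filesystem. Globs are case-sensitive, so photo.JPG is not matched.
  file r /**.{jpeg,jpg,png},

  # Tighter alternative (assumption: images live under ~/Pictures):
  # owner @{HOME}/Pictures/**.{jpeg,jpg,png} r,

  # Anything not listed above is already refused in enforce mode.
  # Explicit deny rules additionally override any allow rule, so a file
  # such as ~/.ssh/key.png stays unreadable despite the image rule.
  deny network,
  deny @{HOME}/.ssh/** rw,
}
```

Saved under `/etc/apparmor.d/`, the profile can be loaded with `sudo apparmor_parser -r <file>`, and refused accesses that are not covered by a `deny` rule appear in the kernel log as `apparmor="DENIED"` entries.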
Things to know or prepare for this session
Must have:
- a laptop running Ubuntu
Good to have but not necessary:
- knowledge of file permissions
- use of the chmod and chown commands
- Mandatory Access Control (MAC) vs Discretionary Access Control (DAC)
Summary
This workshop introduces participants to AppArmor, a Linux Security Module that helps restrict application permissions. Through hands-on exercises, attendees will learn how to write, test, and refine AppArmor profiles to improve system security.
Biography
Shishir is currently working as a security engineer at Canonical, where he helps keep applications in Ubuntu secure by mitigating security vulnerabilities. He graduated as a computer engineer from Pulchowk Campus and has a passion for open source security, application and infrastructure hardening, and solving technical problems. With hands-on experience in securing open-source applications, Shishir is dedicated to making Ubuntu a more secure platform for end users. Beyond his professional role, Shishir is an info-sec enthusiast who enjoys tackling challenges on platforms like Hack The Box and TryHackMe and shares write-ups on his personal blog.
What audience can learn
By the end of this session, participants will:
- have a better understanding of the security threats associated with unconstrained applications
- get hands-on experience creating and testing AppArmor profiles
- be able to secure applications and reduce attack surface using AppArmor

| Difficulty level | Beginner |
|---|---|