CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Po-Chun Chang

Po-Chun Chang

Engineer, ITRI ICL

Associate Engineer, Division for Cyber and Data Security, ITRI ICL 

  • May 6th (Thu)
  • 15:45 - 16:15
  • 7F 701G

The Missing Piece of OpenWrt Security

These embedded devices are very susceptible to security vulnerabilities, as they are always powered-on, and usually have no updates after manufacture (unless malfunctioning). OpenWrt is no exception. Although the community already tries its best to bring the state-of-art hardening to date, it is just insufficient as there are too many software packages but too few people maintaining. As a consequence per “defense in depth”concept, Thomas Petazzoni from bootlin initiated the work in 2019 bringing SELinux to OpenWrt, and the work has been merged to the mainstream as of today.

Unfortunately the work addresses only the very first part of porting: necessary user-space packages and related kernel options, but not the bundled Reference Policy. After a detailed examination, our work fills the gap to unleash the power of SELinux, in hope to bring security to everyone in a more friendly way (prevention rather than mitigation).

Intermediate
Access ControlApplication SecurityEndpoint Security
Read More