LFD441 Security and the Linux Kernel

understanding the Linux kernel security model and the mechanisms used to secure the operating system

The course covers the fundamentals of Linux kernel security, including memory protection, process management, system calls, and filesystem security. Students will learn about various security mechanisms in the Linux kernel, such as Mandatory Access Control (MAC), Linux Security Modules (LSM), and secureboot. Throughout the course, students will gain hands-on experience in securing both userspace and the Linux kernel through various security mechanisms.

This course prepares students to be able to secure a system using the various mechanisms and systems available as part of the Linux kernel and operating system. These skills can be used to secure anything from embedded systems, to mobile computers, desktop systems, servers or virtual machines.


This course is designed for systems level programmers or kernel engineers who want to learn more about the security options provided by the Linux kernel, as well as userspace developers who want to learn more about Linux kernel security mitigations. Learners should know how to build a Linux kernel, write and use Linux kernel modules, as well as have basic Linux command line and system administration skills.


  • Introduction
  • Preliminaries
  • How to Work in OSS Projects **
  • Kernel Features
  • Reducing Attack Surfaces
  • Kernel Deprecated Interfaces
  • Kernel Structure Layout Randomization
  • Introduction to Linux Kernel Security
  • Secure Boot VM Setup
  • Secure Boot
  • Module Signing
  • Integrity Measurement Architecture (IMA)
  • Linux Security Modules (LSM)
  • SELinux
  • AppArmor
  • Lockdown
  • Netfilter
  • Netlink Sockets**
  • Monitoring and Debugging
  • Printk
  • The proc Filesystem **
  • The proc Filesystem **
  • Ftrace
  • Perf
  • eBPF
  • Crash
  • kexec
  • Kernel Core Dumps
  • QEMU
  • Linux Kernel Debugging Tools
  • Closing and Evaluation Survey
  • Kernel Architecture I
  • Kernel Programming Preview
  • Modules
  • Kernel Architecture II
  • Kernel Configuration and Compilation
  • Kernel Style and General Considerations
  • Race Conditions and Synchronization Methods
  • Memory Addressing
  • Memory Allocation

** These sections may be considered in part or in whole as optional. They contain either background reference material, specialized topics, or advanced subjects. The instructor may choose to cover or not cover them depending on classroom experience and time constraints.


Wer möchte, reist bis 22 Uhr am Vortag an und nutzt den Abend bereits zum Fachsimpeln am Kamin oder im Park.

An den Kurstagen dann von 9-18 Uhr (mit 2 Kaffee- und 1 Mittagspause) etwa 60% Schulungen und 40% Übungen. Selbstverständlich arbeitet jeder Teilnehmer am von uns gestellten Notebook oft parallel zum Referenten mit.

Anschließend Abendessen und Angebote für Fachsimpeln, Ausflüge uvm. Wir schaffen eine Atmosphäre, in der Fachleute sich ungezwungen austauschen. Wer das nicht will, wird zu nichts gezwungen und findet auch jederzeit Ruhe.