Project MySelf (a project by cschum): The goal of Project MySelf is to build a system to collect data about yourself in a safe and private way, so that you control your data and you can decide what happens with it.
updating rpms in docker containers (a project by jordimassaguerpla): The docker way of updating containers is to build a new image with the updated binaries and files, which creates a security concern. The docker way is no longer to run "zypper update" in the container but to update the whole image in the image registry (hub docker if we are talking about public registry) and then pull the image update from there, stop the outdated containers and replace them by starting new containers based on the new image.
zypper-docker with multiple backends and an API (a project by mssola): During the last CSM workshop I started to refactor zypper-docker in a way that: - The CLI code and the "library" part got split.
Diving into Qubes OS (a project by thardeck): What is Qubes OS: Qubes OS is an operating system based on Linux with security in mind.
Do something useful with the TPM (an idea by mwilck): Almost all our laptops, and many servers, feature a TPM today. The TPM doesn't have the best reputation in the community because it could be used to lock down platforms or do nasty things with DRM. Under normal conditions on PCs, the TPM is controlled by the system owner and could actually be useful for almost anything involving crypto. Unfortunately the integration of the TPM in the OS is essentially non-existent. The introduction of the TPM2.0 standard complicates matters, because we now have two different devices with different APIs. The goal of this project would be to identify reasonable use cases for the TPM, evaluate existing projects, and create ways to integrate it into various workflows in openSUSE.
Analyze the security of Linux HTTPS connections and monitor the traffic of "smart" devices (an invention by thardeck): I have a Raspberry Pi with WLAN and an additional network module which can be run as a WIFI access point. Plan
Securing a CMS by using a hidden CMS and exporting static html to a web server (a project by johannes_p): Small non profit organisations or activist groups need a Web presence that is easy to maintain by several authors. When using a CMS they do not have the resources to secure the CMS from the various possible attacks most CMSes are notorious for. Defacement or placing malicious content can damage the reputation of such non profit organisations. The solution would be to combine an off-the-shelf CMS with a static web server that is hosted on a different IP address. The authors would access the CMS through a kind of remote access gateway (e.g. openvpn) where access can be well secured with certificates or even hardware tokens.
Generate CVRF (an invention by msmeissn): CVRF is a standard where security advisories are encoded in an XML format. We are currently not generating such a format, but it seems to be getting more attention.
Improve supplychain security in the build service (an idea by kbabioch): In the past I've worked on a set of scripts to identify potential for improvement of the supply chain within our build service. For now RPM files can be scanned for unused signature files that are available upstream and look for potentially unused
Improving the Security of OpenPGP USB Token with a Secure Chip (a project by biergaizi): OpenPGP Card is an ISO/IEC 7816-4 compatible smartcard that is integrated with many OpenPGP functions, including signature, encryption, and authentication. It provides a trustful computing environment isolated from the host computer, to guard one's private keys from attacks and exposures. ZetiControl in Germany is the first manufacturer of OpenPGP Card based on BasicCard platform. Since then, compatible USB tokens have also been manufactured, such as Yubikey and Nitrokey. Currently for compatible USB tokens, there are two approaches of OpenPGP Card implementation:
libpathrs (a project by cyphar): The plan is to implement a safe path resolution library for Linux to avoid the plentiful numbers of security vulnerabilities that have been seen in the wild related to path resolution race conditions and various other attacks. I've been working on kernel-space solutions but even if they were merged, it is difficult to use them safely directly. So this library intends to provide simple wrappers that everyone can use. https://github.com/openSUSE/libpathrs
Kanidm: A safe and modern IDM system (an invention by firstyear): This hackweek I'll be working on Kanidm, an IDM system written in Rust for modern systems authentication. The github repo has a detailed "getting started" on the readme. Kanidm Github
Kanidm - A modern opensource IDM (a project by firstyear): Project Description: Kanidm is a modern, fast, opensource IDM aiming to be an alternative to projects like 389-ds, freeipa, samba 4 and others. Inspired by many identity as a services, many features of this project aim to advance the state of what is possible with opensource security and IDM today.
Dawnscanner: revive the project and create an RPM package (a project by pperego): Project Description: Dawnscanner was a ruby code security static analyzer I created in 2013 and led until a couple of years ago. Unfortunately in my last two jobs, my focus was less on ruby code, so the project lost some traction.