09-11, 16:00–16:45 (Europe/Stockholm), Main hall
Blessed sanctum, save us.
In this talk, I will present Sanctum, a new, fully privilege-separated, compact and performant VPN daemon for POSIX systems.
Sanctum is based on the principle of "least privilege" using a multi-process approach where each process only has the necessary permissions to perform its function. This completely separates encryption, decryption and io paths from each other in a way not done before in VPN software.
Also, what happens if you do things wrong? Winky face.
So put on your hacker hat, and let’s hack.
Joris has many years of experience writing safe C code, of which more than 15 years in the OpenBSD project and over 10 years designing and writing code for high assurance cryptographic systems used in classified networks.