PTS2025

RootAsRole: Simplifying Linux Privileges and Fortifying Ansible Deployments
2025-07-03, 11:40–12:00 (Europe/Paris), Amphitheater 122

This presentation introduces RootAsRole, an alternative to the sudo/su commands that applies the principle of least privilege more finely. It then dives into security issues with Ansible and how RootAsRole helps deal with them.


RootAsRole is a Rust-based alternative to sudo for Linux systems. It allows a co-administered infrastructure to be defined with limited privilege sets, through a structured role-based access control model that adheres to the principle of least privilege. In this presentation, we’ll explore how sr (the name of our tool, for Switch-Role) is more secure and/or better than the sudo/doas/su alternatives, how it extends its utility to automation with Ansible, and the valuable security insights it offers.

After studying electronics and computer architecture, Yves spent a decade developing embedded software, first in a small business, then at Airbus. He then moved on to the Airbus A350 design office to work on its security. There, he practiced supplier management, systems engineering, and security requirements for systems with critical, safety-related impacts. Since then he has worked on various topics related to security, from governance to formal proofs of security properties, in several industrial domains such as aeronautics, railway and automotive.
In his free time, he develops his side project sslh, which helps evade firewalls, hide network services, and perform various network plumbing tasks.

Eddie Billoir is a final-year industrial PhD student with the Institut de Recherche en Informatique de Toulouse (IRIT) in France and the company Airbus Protect. His research focuses on operating system access control, emphasizing the principle of least privilege. He is also the main contributor to the RootAsRole project.