lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 12 Sep 2006 10:57:25 -0700
From:	Kylene Jo Hall <kjhall@...ibm.com>
To:	linux-kernel <linux-kernel@...r.kernel.org>,
	LSM ML <linux-security-module@...r.kernel.org>
Cc:	Dave Safford <safford@...ibm.com>, Mimi Zohar <zohar@...ibm.com>,
	Serge Hallyn <sergeh@...ibm.com>, akpm@...l.org
Subject: [PATCH 0/7] Integrity Service and SLIM

This is an updated request for comments on a proposed integrity 
service framework and dummy provider, along with SLIM, a low 
water-mark mandatory access control LSM module which utilizes the 
integrity services as additional input to the access control decisions.

In this version:
- We have further slimmed down the code by removing the secrecy checks
to focus on only the integrity model at this time.  The secrecy code had
several parts that were still in development and only had comments
indicating where they would eventually be and the policy was only using
one secrecy level.  Hopefully, this will remove an element of review
confusion
- The file revocation code was removed in favor of denying access when a
process has open shared file descriptors b/c file revocation has too
many corner cases.
- Fixed the situation where shared physical memory could cause a problem
if one thread was demoted.  Currently access is denied in the situation
we are working on a way to allow the access and demote all the threads.
- SLIM boot parameter
- INTEGRITY config parameter (which SLIM depends on) 

Where we are going:
- dummy integrity subsystem (included)
- integrity-only slim (included)
- secrecy slim 
- tcg-based integrity subsystem

Later we will be submitting EVM as a specific integrity service
provider under this proposed framework. By separating the submissions,
we hope that the integrity framework and its relationship to SLIM
(and potentially to selinux) will be clearer and easier to review.
Since this integrity provider is a dummy, it has no requirements for
TPM hardware, or for LSM stacking, again making the review simpler.

A corresponding userspace utility package is available at
http://www.research.ibm.com/gsal/tcpa

Patch 1/7 is a tiny patch to make mprotect available for revocation.

Patch 2/7 provides the integrity service API with dummy provider.

Patch 3-7 provide SLIM, and a more detailed description of
its changes, and points out its use of the integrity service.

These patches have no prerequisites for stacker or TPM related patches.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ