lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1174931715.3493.44.camel@localhost.localdomain>
Date:	Mon, 26 Mar 2007 13:55:15 -0400
From:	David Safford <safford@...son.ibm.com>
To:	Pavel Machek <pavel@....cz>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	linux-kernel@...r.kernel.org, serue@...ux.vnet.ibm.com,
	kjhall@...ux.vnet.ibm.com, zohar@...ibm.com
Subject: Re: [Patch 3/7] integrity: EVM as an integrity service provider

On Sun, 2007-03-25 at 12:13 +0000, Pavel Machek wrote:
> > > +	  The Extended Verification Module is an integrity provider.
> > > +	  An extensible set of extended attributes, as defined in
> > > +	  /etc/evm.conf, are HMAC protected against modification
> > > +	  using the TPM's KERNEL ROOT KEY, if configured, or with a
> > > +	  pass-phrase.  Possible extended attributes include authenticity,
> > > +	  integrity, and revision level.
> 
> What is identity provider good for? Can you explain it a bit more, or
> perhaps point to Doc*/ somewhere?
> 							Pavel

There are some papers and related userspace code at
   http://www.research.ibm.com/gsal/tcpa
which describe the architecture in more detail, but basically this 
integrity provider is designed to complement mandatory access control
systems like selinux and slim. Such systems can protect a running system 
against on-line attacks, but do not protect against off-line attacks  
(booting Knoppix and changing executables or their selinux labels), or 
against attacks which find weaknesses in the kernel or the LSM module 
itself.

Using a TPM or passphrase, EVM can verify the integrity of all files 
(including the kernel and initrd) and their labels before they are 
referenced. Using a TPM, EVM/IMA can attest to the integrity of all files 
to a third party, even if the kernel or modules have been compromised.
(An attack can block the attestation, but cannot forge valid TPM 
signatures.)

In response to customer demand, we are actively working to develop and 
test this attestation in enterprise server environments, integrated 
with both selinux and AppArmor.

dave


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ