Message-ID: <AANLkTik6Ww6zM2LaNzgX5TSGOaxnK-VLQNVP-D0dtVJi@mail.gmail.com>
Date: Fri, 4 Jun 2010 23:47:24 +0500
From: Shaz <shazalive@...il.com>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@...ia.com>,
James Morris <jmorris@...ei.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
David Safford <safford@...son.ibm.com>,
Dave Hansen <dave@...ux.vnet.ibm.com>,
Arjan van de Ven <arjan@...radead.org>,
securityengineeringresearchgroup
<securityengineeringresearchgroup@...glegroups.com>
Subject: Re: [PATCH 00/14] EVM
On Fri, Jun 4, 2010 at 8:09 PM, Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
> On Fri, 2010-06-04 at 11:53 +0500, Shaz wrote:
>> > Yes, verifying one file containing the hashes would be faster than
>> > verifying individual hashes stored as extended attributes (xattrs), but
>> > this does not take into account that files on a running system are being
What if the sensitive files (binary or data) are compared with IMA
measurements after trusted boot or at anytime a stakeholder wants to?
The comparisons made with IMA will be the sha1 (or ....) of the files
stored in that one verification file. The stakeholder's key determines
which measurements can be compared by her (privacy protection and
confidentiality). Better use this key for an equivalence mechanism for
the factor of performance. The stakeholder's key as an identity can
help to make remote attestation more sensible as well. And here you
will be moving towards TCG MPWG standards .....
Combine this with SELinux or some RBAC mechanism and hopefully you
will get something closer to what MeeGo is trying to achieve. Consider
a trusted package manager with a registry sort of functionality for
files and their owners and users and you've got a complete solution.
The worst part is that achieving performance is tough, while space is
not a serious issue.
>> > modified or added. On a small form factor, the number of files is
>> > limited, but would this scale well? In addition, what protects that one
>> > file containing all the hashes from being modified? So, if you limit
--
Shaz
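The comparison Shaz sketches above (IMA measurement list checked against one stakeholder-owned hash file) is easy to make concrete, so here is an added example that is not code from the EVM patch set or from anyone in this thread. It parses lines in the format IMA exports under /sys/kernel/security/ima/ascii_runtime_measurements with the original `ima` template (`<pcr> <template-hash> ima <file-sha1> <pathname>`), recomputes each template hash as SHA-1 over the 20-byte file digest followed by the pathname NUL-padded to 256 bytes, replays the PCR-10 extends so the list can be tied to a TPM quote, and diffs the file digests against a manifest. The manifest format, the HMAC over it keyed by a per-stakeholder key (which is what stops the single hash file from being edited and limits which entries that stakeholder can check), and all sample data are assumptions constructed for the example.

```python
"""Compare an IMA 'ima'-template measurement list against a stakeholder's
HMAC-protected hash manifest.  Added example; the manifest format, the
stakeholder key and the sample measurements are constructed here."""
import hashlib
import hmac

TEMPLATE_NAME_LEN = 256      # IMA_EVENT_NAME_LEN_MAX + 1 in the 'ima' template
PCR_INIT = b"\x00" * 20      # a freshly reset SHA-1 PCR


def template_hash(file_sha1_hex, pathname):
    """Recompute the 'ima' template hash: SHA1(file digest || NUL-padded name)."""
    name = pathname.encode()[:TEMPLATE_NAME_LEN].ljust(TEMPLATE_NAME_LEN, b"\x00")
    return hashlib.sha1(bytes.fromhex(file_sha1_hex) + name).hexdigest()


def parse_measurements(text):
    """Parse ascii_runtime_measurements lines into (pcr, thash, fhash, path)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pcr, thash, template, fhash, path = line.split(maxsplit=4)
        if template != "ima":
            raise ValueError("unsupported template: " + template)
        entries.append((int(pcr), thash, fhash, path))
    return entries


def aggregate_pcr(entries, pcr=10):
    """Replay the extends: PCR = SHA1(PCR || template-hash), in list order."""
    value = PCR_INIT
    for p, thash, _, _ in entries:
        if p == pcr:
            value = hashlib.sha1(value + bytes.fromhex(thash)).digest()
    return value.hex()


def load_manifest(text, stakeholder_key):
    """Assumed manifest layout: 'hmac: <hex>' header, then '<sha1>  <path>' lines.
    The keyed HMAC over the body is what protects the one hash file."""
    header, _, body = text.partition("\n")
    tag = header.split(":", 1)[1].strip()
    expected = hmac.new(stakeholder_key, body.encode(), hashlib.sha1).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("manifest HMAC mismatch: hash file was modified")
    manifest = {}
    for line in body.splitlines():
        if line.strip():
            digest, path = line.split(maxsplit=1)
            manifest[path] = digest
    return manifest


def verify(entries, manifest):
    """Classify each measured file against the stakeholder's manifest."""
    result = {"ok": [], "mismatch": [], "unknown": [], "bad_template": []}
    for _, thash, fhash, path in entries:
        if template_hash(fhash, path) != thash:
            result["bad_template"].append(path)   # list line is internally inconsistent
        elif path not in manifest:
            result["unknown"].append(path)        # measured, but not this stakeholder's file
        elif manifest[path] == fhash:
            result["ok"].append(path)
        else:
            result["mismatch"].append(path)       # file changed since the manifest was built
    return result


def build_sample():
    """Constructed sample: a 3-file system, a manifest covering two of them,
    and a measurement list in which /etc/passwd was modified afterwards."""
    key = b"stakeholder-key-example"            # assumed per-stakeholder key
    files = {
        "/sbin/init": b"init binary contents",
        "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        "/usr/bin/ssh": b"ssh binary contents",
    }
    digests = {p: hashlib.sha1(c).hexdigest() for p, c in files.items()}
    body = "".join(f"{d}  {p}\n" for p, d in digests.items() if p != "/usr/bin/ssh")
    tag = hmac.new(key, body.encode(), hashlib.sha1).hexdigest()
    manifest_text = "hmac: " + tag + "\n" + body
    measured = dict(digests)
    measured["/etc/passwd"] = hashlib.sha1(
        b"root:x:0:0:root:/root:/bin/sh\nmallory:x:0:0::/:/bin/sh\n").hexdigest()
    lines = [f"10 {template_hash(d, p)} ima {d} {p}" for p, d in measured.items()]
    return key, manifest_text, "\n".join(lines) + "\n"


if __name__ == "__main__":
    key, manifest_text, measurements = build_sample()
    entries = parse_measurements(measurements)
    print("PCR-10 replay:", aggregate_pcr(entries))
    print(verify(entries, load_manifest(manifest_text, key)))
```

The replayed PCR-10 value is what a verifier would compare against a TPM quote, so the list cannot be trimmed or reordered without detection; the manifest HMAC answers the "what protects that one file" question for a stakeholder who holds the key, and entries outside her manifest simply come back as unknown rather than being compared.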
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/