EVM
in [Kernel]
|
Prev: [PATCH v2] cdc-acm: fix resource reclaim in error path of acm_probe
Next: [RFC PATCH] ARM: Add SSI Clock Adjustment for i.MX27 TO2
From: James Morris on 30 May 2010 20:30 On Wed, 21 Apr 2010, Mimi Zohar wrote: > Much appreciation to Dave Hansen, Serge Hallyn, and Matt Helsley for > reviewing the patches. We're not seeing much comment on this code beyond the folk above. It might help to cc fsdevel. Also, I raised some issues: I'd also be interested to know what kind of user demand there is for EVM -- are there any specific instances of user requirements which are met by it? Do any distros plan to enable and support it? and does this code meet the requirements of potential users such as Meego ? - James -- James Morris <jmorris(a)namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Shaz on 31 May 2010 06:10 > EVM is based on EA while Aegis does not use EA as far as I can > understand from the documentation available. Can we make EVM > independent of EA? Even the MAC mechanism is very different then > existing LSM based mechanisms. Have a look at the following: http://research.nokia.com/files/NRCTR2008010.pdf http://research.nokia.com/files/NRCTR2008007.pdf http://lwn.net/Articles/372937/ -- Shaz -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Shaz on 31 May 2010 06:10 On Mon, May 31, 2010 at 5:20 AM, James Morris <jmorris(a)namei.org> wrote: > On Wed, 21 Apr 2010, Mimi Zohar wrote: > >> Much appreciation to Dave Hansen, Serge Hallyn, and Matt Helsley for >> reviewing the patches. > > We're not seeing much comment on this code beyond the folk above. �It > might help to cc fsdevel. > > Also, I raised some issues: > > �I'd also be interested to know what kind of user demand there is for EVM > �-- are there any specific instances of user requirements which are met > �by it? �Do any distros plan to enable and support it? > > and does this code meet the requirements of potential users such as Meego ? EVM is based on EA while Aegis does not use EA as far as I can understand from the documentation available. Can we make EVM independent of EA? Even the MAC mechanism is very different then existing LSM based mechanisms. -- Shaz -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Mimi Zohar on 1 Jun 2010 15:30 On Mon, 2010-05-31 at 15:08 +0500, Shaz wrote: > > EVM is based on EA while Aegis does not use EA as far as I can > > understand from the documentation available. Can we make EVM > > independent of EA? Even the MAC mechanism is very different then > > existing LSM based mechanisms. > > Have a look at the following: > > http://research.nokia.com/files/NRCTR2008010.pdf > http://research.nokia.com/files/NRCTR2008007.pdf > http://lwn.net/Articles/372937/ SELinux, Smack, Capabilities, and IMA all use extended attributes. The purpose of EVM is to detect offline tampering of these security extended attributes. The IMA integrity appraisal extension extends IMA with local measurement appraisal. The extension stores and maintains the file integrity measurement as an extended attribute 'security.ima', which EVM can be configured to protect. Instead of storing the hash measurement as an extended attribute, the file hashes could be loaded in kernel memory, as long as the appraise policy is appropriately constrained. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Dmitry Kasatkin on 2 Jun 2010 03:10
On 01/06/10 22:28, ext Mimi Zohar wrote: > On Mon, 2010-05-31 at 15:08 +0500, Shaz wrote: > >>> EVM is based on EA while Aegis does not use EA as far as I can >>> understand from the documentation available. Can we make EVM >>> independent of EA? Even the MAC mechanism is very different then >>> existing LSM based mechanisms. >>> >> Have a look at the following: >> >> http://research.nokia.com/files/NRCTR2008010.pdf >> http://research.nokia.com/files/NRCTR2008007.pdf >> http://lwn.net/Articles/372937/ >> > SELinux, Smack, Capabilities, and IMA all use extended attributes. The > purpose of EVM is to detect offline tampering of these security extended > attributes. > > The IMA integrity appraisal extension extends IMA with local measurement > appraisal. The extension stores and maintains the file integrity > measurement as an extended attribute 'security.ima', which EVM can be > configured to protect. Instead of storing the hash measurement as an > extended attribute, the file hashes could be loaded in kernel memory, as > long as the appraise policy is appropriately constrained. > > Hi, Maemo integrity protection solution was based on old DigSig project which was used to verify integrity of executables. Signed integrity measurement was embedded to the ELF header. When we started to develop it EVM was not available. And we decided to use a file to keep hashes and other info. Our goals were 1. Protect also certain data files. digsig worked only with ELF files. 2. Be mobile friendly It seems faster to verify signature of one file with hashes instead of checking signature of every EA. 3. Persistant to offline attacks EA can be delete. If not all files has EA then it is not possible to detect removal 4. Do not use EA. IIRC it was some problems with EA on our system and we could not use them.. EVM looks very interesting and I would like also to review the code and understand the architecture. We consider possibility to use EVM if it is going to be in the kernel. - Dmitry Kasatkin Maemo/MeeGo security team > Mimi > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo(a)vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |