IMA appraisal master plan?
James Morris
james.l.morris at oracle.com
Tue Nov 21 10:05:19 UTC 2017
On Mon, 20 Nov 2017, Mimi Zohar wrote:
> On Mon, 2017-11-20 at 11:20 +0100, Patrick Ohly wrote:
> > On Mon, 2017-11-20 at 07:47 +1100, James Morris wrote:
> > > On Fri, 17 Nov 2017, Roberto Sassu wrote:
> > >
> > > > LSMs are responsible to enforce a security policy at run-time,
> > > > while IMA/EVM protect data and metadata against offline attacks.
> > >
> > > In my view, IMA can also protect against making an online attack
> > > persistent across boots, and that would be the most compelling use of
> > > it for many general purpose applications.
> >
> > I do not quite buy that interpretation. If the online attack succeeds
> > in bypassing the run-time checks, for example with a full root exploit,
> > then he has pretty much the same capabilities to make persistent file
> > changes as during an offline attack.
>
> In the face of a full root exploit, there is not much that one can do,
> "other" than to detect it. This is why remote attestation is so
> important.
Right, although the consensus seems to be that RA is essential rather than
simply important.
--
James Morris
<james.l.morris at oracle.com>
More information about the Linux-security-module-archive
mailing list