Linux Security Summit 2012/Abstracts/Kasatkin
Upcoming Extensions to the Linux kernel Integrity Subsystem (IMA/EVM)
The talk will introduce new extensions to the IMA/EVM kernel integrity subsystem.
The extended verification module (EVM) has been integrated into the Linux kernel since version 3.2, and the digital signature verification extension since version 3.3.
Work is currently under way to integrate the IMA-appraisal extension, which performs local integrity appraisal based on hashes and digital signatures. IMA-appraisal protects the integrity of regular files only, which is not enough to implement full integrity protection of a system: it is also necessary to protect the integrity of directories and of special files, such as symbolic links, device nodes, sockets and pipes.
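As an added illustration (not code from the talk, the kernel, or the author's tree), the following Python model shows the two points above: appraisal of a regular file's content against a stored reference hash, and why that alone does not cover a symbolic link. It assumes sha256 reference hashes, keys its store by the file's resolved path, and keeps the references in a dictionary in place of the security.ima extended attribute, because writing security.* attributes requires privilege and a supporting filesystem.

```python
"""
Added illustration of IMA-appraisal style checking in user space.
This is a simplified model, not the kernel implementation: the kernel
compares a file's content hash against the reference kept in the
security.ima extended attribute; here the reference lives in a dict.
"""
import hashlib
import os
import tempfile

HASH_ALGO = "sha256"  # assumption: sha256 reference hashes for the model


def measure_file(path: str) -> str:
    """Return the hex digest of a regular file's contents (the 'measurement')."""
    h = hashlib.new(HASH_ALGO)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class AppraisalStore:
    """Stand-in for the security.ima xattr: resolved path -> reference hash."""

    def __init__(self) -> None:
        self.refs: dict[str, str] = {}

    def label(self, path: str) -> None:
        """Record the current content hash as the file's reference value."""
        self.refs[os.path.realpath(path)] = measure_file(path)

    def appraise(self, path: str) -> str:
        """'ok' if content matches the reference, 'fail' if it changed,
        'unlabelled' if the file never received a reference."""
        ref = self.refs.get(os.path.realpath(path))
        if ref is None:
            return "unlabelled"
        return "ok" if measure_file(path) == ref else "fail"


def demo() -> dict:
    """Run the model on constructed files and return each appraisal result."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "config.conf")
        other = os.path.join(d, "debug.conf")
        link = os.path.join(d, "current.conf")
        with open(good, "w") as f:
            f.write("setting=secure\n")  # constructed sample content
        with open(other, "w") as f:
            f.write("setting=debug\n")   # constructed sample content
        os.symlink("config.conf", link)

        store = AppraisalStore()
        store.label(good)
        store.label(other)  # both regular files are legitimately labelled
        link_ref = os.readlink(link)  # what a symlink-integrity check would record

        results = {"intact": store.appraise(good)}

        # A content change to a labelled regular file is detected.
        with open(good, "a") as f:
            f.write("setting=debug\n")
        results["tampered_content"] = store.appraise(good)

        # Redirecting the symlink to another correctly labelled file is not:
        # the file that gets opened passes content appraisal on its own.
        os.remove(link)
        os.symlink("debug.conf", link)
        results["retargeted_link_file_appraisal"] = store.appraise(link)

        # Only a check on the link object itself (its target string) catches it.
        results["retargeted_link_target_check"] = (
            "ok" if os.readlink(link) == link_ref else "fail"
        )
        return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The last two results are the point of the abstract: regular-file appraisal passes for the retargeted link because the substituted file is itself validly labelled, so the link's target must be protected as an object in its own right.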
Directory integrity verification has already been implemented and is available in my tree at git.kernel.org. I will submit patches for RFC shortly.
Patches for protecting the integrity of special files are currently under development and are expected to be ready before the summit.