Linux Security Summit 2015/Abstracts/Manolov

From Linux Kernel Security Subsystem

Title

IMA/EVM: Real Applications for Embedded Networking Systems

Presenter

Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks

Abstract

I am working on a project that requires integration of Linux IMA into large-scale networking equipment.

These are the basic ideas behind the talk:

  • Provide a way for a platform supplier to delegate a Certificate Authority or building and IMA/EVM signing software to a third party.
  • The Kernel Keyring needs to be able to add new CAs or certificate chains to provide a root of trust for all software from platform and other third parties.

  • There should be a method (OCSP or CRL) to revoke a particular CA from the kernel keyring.

We will discuss experiments performed on the Linux kernel with different kinds of X509 certificate hierarchies for the validation of software being run.
