http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2014%2FAbstracts%2FSaffordLinux Security Summit 2014/Abstracts/Safford - Revision history2026-04-29T09:56:16ZRevision history for this page on the wikiMediaWiki 1.36.1http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2014/Abstracts/Safford&diff=3508&oldid=prevJamesMorris: New page: == Title == Extending the Linux Integrity Subsystem for TCB Protection == Presenter == David Safford & Mimi Zohar, IBM == Abstract == The Linux Integrity Subsystem currently provides...2014-07-15T16:19:40Z<p>New page: == Title == Extending the Linux Integrity Subsystem for TCB Protection == Presenter == David Safford & Mimi Zohar, IBM == Abstract == The Linux Integrity Subsystem currently provides...</p>
<p><b>New page</b></p><div>== Title ==<br />
<br />
Extending the Linux Integrity Subsystem for TCB Protection<br />
<br />
== Presenter ==<br />
<br />
David Safford & Mimi Zohar, IBM<br />
<br />
== Abstract ==<br />
<br />
<br />
The Linux Integrity Subsystem currently provides basic file integrity <br />
measurement, attestation, and appraisal, combining both the trusted <br />
computing model based on hashes, and the secure computing model based <br />
on signatures. It has, however, limitations in its ability to protect<br />
all TCB files. For example, the appraisal policy cannot distinguish<br />
TCB regular files which are read and executed by an interpreter from <br />
files which are simply read. In addition, while IMA-appraisal-digsig <br />
provides some immutability for signed files, a root privileged attacker<br />
can (in some cases) simply delete and replace the file with an unsigned <br />
one. To overcome these limitations, we have extended IMA with a policy <br />
based locking that integrates a concept similar to BSD immutable files<br />
with the full power of the IMA policy language.<br />
<br />
The first part of the talk will describe the use of IMA audit data to <br />
determine which files are in the Fedora 20 desktop TCB, and show how <br />
the existing IMA is unable to distinguish and lock some of these files <br />
adequately. We will then detail the new extensions, and show how these <br />
extensions are able to protect the TCB. We will then demonstrate the <br />
overall subsystem in action, including package installation and update.<br />
<br />
As a bonus, we will show how to build a complementary multifunction usb <br />
hardware token for the truly paranoid. It combines the functionality of <br />
a TPM (for anchoring IMA attestation on systems with no TPM), of a <br />
signature authority (for signing all TCB files locally with _your_ key), <br />
and an authentication token (for remote access like ssh). The RSA private <br />
keys are generated on token, and never leave the token. <br />
(Some soldering required :-)</div>JamesMorris