Linux Security Summit 2015/Abstracts/Manolov

From Linux Kernel Security Subsystem
Revision as of 13:57, 1 July 2015 by JamesMorris

Title

IMA/EVM: Real Applications for Embedded Networking Systems

Presenter

Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks

Abstract

I am working on a project that requires integration of Linux IMA into large-scale networking equipment.

These are the basic ideas behind the talk:

  • Provide a way for a platform supplier to delegate a Certificate Authority or building and IMA/EVM signing software to a third party.
  • The Kernel Keyring needs to be able to add new CAs or certificate chains to provide a root of trust for all software from platform and other third parties.

  • There should be a method (OCSP or CRL) for being able to revoke a particular CA from the kernel keyring.

We will discuss experiments performed on the Linux kernel with different kinds of X509 certificate hierarchies for the validation of software being run.