http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2015/Abstracts/Manolov&feed=atom&action=historyLinux Security Summit 2015/Abstracts/Manolov - Revision history2024-03-28T11:54:58ZRevision history for this page on the wikiMediaWiki 1.36.1http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2015/Abstracts/Manolov&diff=3581&oldid=prevJamesMorris: Created page with "== Title == IMA/EVM: Real Applications for Embedded Networking Systems == Presenter == Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks == Abstract == I..."2015-07-01T13:57:49Z<p>Created page with "== Title == IMA/EVM: Real Applications for Embedded Networking Systems == Presenter == Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks == Abstract == I..."</p>
<p><b>New page</b></p><div>== Title ==<br />
<br />
IMA/EVM: Real Applications for Embedded Networking Systems<br />
<br />
== Presenter ==<br />
<br />
Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks <br />
<br />
== Abstract ==<br />
<br />
I am working on a project that requires integration of Linux IMA in a large scale networking equipment.<br />
<br />
These are the basic ideas behind the talk:<br />
<br />
* Provide a way for a platform supplier to delegate a Certificate Authority or building and IMA/EVM signing software to a third-party.<br />
<br />
* The Kernel Keyring needs to be able to add new CAs or certificate chains to provide a root of trust for all software from platform<br />
and other third-parties.<br />
<br />
* There should be a method (OCSP or CRL) for being able to revoke a particular CA from the kernel keyring.<br />
<br />
We will discuss experiments performed on the Linux kernel with different kinds of X509 certificate hierarchies for<br />
the validation of software being run.</div>JamesMorris