Linux Security Summit 2015/Abstracts/Manolov

From Linux Kernel Security Subsystem
Revision as of 13:57, 1 July 2015 by JamesMorris

Title

IMA/EVM: Real Applications for Embedded Networking Systems

Presenter

Petko Manolov, Konsulko Group, and Mark Baushke, Juniper Networks

Abstract

I am working on a project that requires integration of Linux IMA in large-scale networking equipment.

These are the basic ideas behind the talk:

  • Provide a way for a platform supplier to delegate a Certificate Authority or building and IMA/EVM signing software to a third party.
  • The Kernel Keyring needs to be able to add new CAs or certificate chains to provide a root of trust for all software from platform and other third parties.
  • There should be a method (OCSP or CRL) for being able to revoke a particular CA from the kernel keyring.

We will discuss experiments performed on the Linux kernel with different kinds of X509 certificate hierarchies for the validation of software being run.