From: Roberto Sassu <roberto.sassu@huawei.com>
To: <linux-integrity@vger.kernel.org>
Cc: Roberto Sassu <roberto.sassu@huawei.com>
Subject: [RFC][PATCH 0/2] ima: preserve integrity of dynamic data
Date: Fri, 20 Oct 2017 17:41:36 +0200 [thread overview]
Message-ID: <20171020154138.23635-1-roberto.sassu@huawei.com> (raw)
One of the most challenging tasks for remote attestation is how to
handle the measurement of dynamic data (mutable files). When the default
policy is selected, IMA measures files accessed by root processes (TCB).
However, if a file was previously modified by another process, the digest
included in the new measurement list is unknown, and verifiers must assume,
during a remote attestation, that the system was compromised, because they
don't know if that file was written by a process in the TCB or not.
The goal of this patch set is to enforce an integrity policy on appraised
files, to avoid reporting measurements of dynamic data after they have been
modified. Only the initial state should be reported (e.g. the file
signature, or a digest list).
In order to properly enforce an integrity policy, it is necessary to
specify in the IMA policy process credentials rather than file attributes.
For example, the rule:
appraise fowner=0
could be replaced with:
appraise uid=0
appraise euid=0
This patch set has been developed on top of linux-integrity/next
(commit 9785a867) and https://patchwork.kernel.org/patch/10013185/
(ima: Store measurement after appraisal).
Roberto Sassu (2):
ima: preserve the integrity of appraised files
ima: don't measure files in the TCB if Biba strict policy is enforced
Documentation/admin-guide/kernel-parameters.txt | 4 ++
security/integrity/ima/ima.h | 23 ++++++++++
security/integrity/ima/ima_appraise.c | 61 +++++++++++++++++++++++++
security/integrity/ima/ima_main.c | 40 ++++++++++++----
4 files changed, 118 insertions(+), 10 deletions(-)
--
2.11.0
next reply other threads:[~2017-10-20 15:42 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-20 15:41 Roberto Sassu [this message]
2017-10-20 15:41 ` [RFC][PATCH 1/2] ima: preserve the integrity of appraised files Roberto Sassu
2017-10-23 11:46 ` Mimi Zohar
2017-10-23 11:46 ` Mimi Zohar
2017-10-23 13:41 ` Roberto Sassu
2017-10-23 13:41 ` Roberto Sassu
2017-10-23 20:30 ` Mimi Zohar
2017-10-23 20:30 ` Mimi Zohar
2017-10-24 10:07 ` Roberto Sassu
2017-10-24 10:07 ` Roberto Sassu
2017-10-20 15:41 ` [RFC][PATCH 2/2] ima: don't measure files in the TCB if Biba strict policy is enforced Roberto Sassu
2017-10-23 20:40 ` Mimi Zohar
2017-10-24 12:38 ` Roberto Sassu
2017-10-23 11:01 ` [RFC][PATCH 0/2] ima: preserve integrity of dynamic data Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171020154138.23635-1-roberto.sassu@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.