Linux-audit Archive on lore.kernel.org
* [RFC] Tamper Evident Logging on Linux Audit
@ 2020-08-27 16:25 Paccagnella, Riccardo
  2020-08-29 15:42 ` Paul Moore
  0 siblings, 1 reply; 2+ messages in thread
From: Paccagnella, Riccardo @ 2020-08-27 16:25 UTC (permalink / raw)
  To: linux-audit; +Cc: rgb, Dave (Jing) Tian, Liao, Kevin, Bates, Adam

Dear Linux Audit Team,
  My team and I would like to share with you some recent research results that we hope will be interesting to you. In a nutshell, we designed a kernel-based tamper-evident logging system and implemented a proof of concept of it on top of Linux Audit. Would you be interested in the possibility of incorporating our system in the upstream version of Linux Audit? We envision a small extension to Linux Audit that would allow users to enable integrity protection for the logs if desired. For reference, this <https://rp8.web.engr.illinois.edu/papers/kennyloggings-ccs2020.pdf> is our paper and this <https://bitbucket.org/sts-lab/kennyloggings/> is our proof-of-concept implementation.

Thanks very much in advance and best regards,
Riccardo

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


* Re: [RFC] Tamper Evident Logging on Linux Audit
  2020-08-27 16:25 [RFC] Tamper Evident Logging on Linux Audit Paccagnella, Riccardo
@ 2020-08-29 15:42 ` Paul Moore
  0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2020-08-29 15:42 UTC (permalink / raw)
  To: Paccagnella, Riccardo
  Cc: rgb, Dave (Jing) Tian, Liao, Kevin, linux-audit, Bates, Adam

On Thu, Aug 27, 2020 at 12:25 PM Paccagnella, Riccardo <rp8@illinois.edu> wrote:
>
> Dear Linux Audit Team,
>   My team and I would like to share with you some recent research results that we hope will be interesting to you. In a nutshell, we designed a kernel-based tamper-evident logging system and implemented a proof of concept of it on top of Linux Audit. Would you be interested in the possibility of incorporating our system in the upstream version of Linux Audit? We envision a small extension to Linux Audit that would allow users to enable integrity protection for the logs if desired. For reference, this is our paper and this is our proof-of-concept implementation.
>
> Thanks very much in advance and best regards,
> Riccardo

Hi Riccardo,

Often it helps to discuss new features in the context of a patch
submission; it helps remove ambiguity and is an easy way to offer
feedback.  It would appear that you already have patches so I would
suggest you prepare those for posting on-list, complete with an
in-depth commit description, so we can discuss further.

If you are unfamiliar with submitting Linux kernel patches, the link
below may be helpful:

* https://www.kernel.org/doc/html/latest/process/submitting-patches.html

-- 
paul moore
www.paul-moore.com

