IMA as a standalone service
The following paragraphs are from the Linux mailing list, from a mail sent by the IBM IMA team. They are working out this userspace IMA thingy. I am still not satisfied. Mr. TAT, can you please verify it? I can email you the patches and the related mails as well.
This is a request for comments for a subset of the original integrity
patches. By submitting this subset of the original patches, we hope to
simplify its review and ultimately ease its inclusion into the kernel.
For this reason, neither EVM nor SLIM are included in this patchset.
This patchset contains: Linux Integrity Module (LIM), Integrity
Measurement Architecture (IMA), and patches to the TPM driver. The LIM
patch defines 3 integrity API calls, 7 integrity hooks, placement of
the hooks, and a dummy integrity service provider. There are very minor
changes from the previous release. The IMA patch is now an independent
integrity service provider, which provides support for a subset of the
integrity API calls.

IBAC, a sample LSM module, which helps clarify the interaction between
LSM and LIM modules, will be posted separately to the LSM mailing list.
In addition, we are working on an SELinux integrity patch to take
advantage of the integrity services, in a similar way to the IBAC
example.

Patch 1/3 integrity: Linux Integrity Module (LIM)
Patch 2/3 integrity: IMA as a stand alone integrity service provider
Patch 3/3 integrity: TPM internal kernel interface
11 Comments to IMA as a standalone service
I am not sure what they are doing with such a huge amount of code, but they are probably using the same technique which Mr. MMA tried out earlier (file_mmap()). Definitely there are some additions.
Mr. MMA, have you written any formal or informal thingy on this work of yours? I would like to have it for my paper purposes and might need to reference it.
It's quite an interesting field because only IBM guys are working in this area with Linux… so they are changing things from one format to another, and they mix 2 or 3 things and make a new thing… That's true that IMA needs to be at the user space, but hope this effort makes it so… I need some literature as well on these topics… If you have these patches then send them to me, or send me the URL so that I do it myself…
It's quite interesting to hear this. But this development is not new for me, as I know that the SELinux and IBM community has been working on this idea for some time.
I already posted my results on the group. Let's talk on this issue tomorrow, inshAllah.
Best,
MM Alam
Mr. TAT, did you go through those patches that we forwarded to you today? Let me know about your analysis because I am double-minded regarding IMA and direct API usage of TrouSerS.
Mr. MMA, we had a mismanagement in the meeting today so I wasn't able to discuss this issue with you. I will try my luck on messengers!
Mr. MMA, as I have already asked for your previous work that you presented at the SELinux symposium regarding IMA + SELinux, I would like to have a copy of it. If you have not formally written anything on it, please give me your drafts or rough work. I would like to pursue it further.
Actually, that was not my work, and I have not presented that work! That was presented by Xinwen.
Shall I send my copy to you by mail?
Work on IMA as a service is being discussed on the Linux mailing lists. Mr. TAT, you should have a look at it. I cannot forward all the mails, so we better have a short meeting if you are interested in it. Maybe the others get together also for the past agenda regarding tutorial sessions.
We should also be getting in touch with the IBM Watson guys if we have to go ahead with their remote attestation module.
I am waiting!
Mr. TAT, I am waiting for your expert opinion on this topic. Please shed some light on it so that I take it as my start.
The mm patch is Andrew Morton's more experimental kernels. It's in his own subdirectory in kernel.org. For Mr. TAT.