Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

> +Limitations: IMA does not detect corruption of software once it is
> +loaded into main memory. Instead, it indicates known vulnerabilities
> +in such software (e.g., buffer overflow) by securely identifying the
> +software at load-time. Only executable files (binaries, libraries,
> +kernel modules) are measured by default. However, IMA offers a
> +sysfs-interface that allows applications to instruct the kernel to
> +measure files that they have opened.

What is it good for, then? So I have to put my backdoor into script,
not into an executable...

> +Some of our work shows that IMA is very useful to detect Rootkit
> +exploits that totally take over the software of a Linux system but
> +cannot hide themselves from contributing to the TPM aggregate and this
> +will be detectable from a non-corrupted platform. While the corrupted
> +system might not show the Rootkit, a remote party can securely
> +identify known bad or unknown software having been loaded into the
> +system.

How does it work? It is corrupted software, not your TPM chip that is
talking over network.... Do you sign the measurements inside TPM chip?

								Pavel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux