From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Bruce Fields <bfields@fieldses.org>
Cc: jlayton@redhat.com, Jeff Layton <jlayton@kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment
Date: Wed, 12 Jul 2017 13:56:50 -0400 [thread overview]
Message-ID: <1499882210.3426.47.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20170712143504.GB31196@fieldses.org>
On Wed, 2017-07-12 at 10:35 -0400, Bruce Fields wrote:
> On Wed, Jul 12, 2017 at 08:20:21AM -0400, Mimi Zohar wrote:
> > Right, currently the only way of knowing is by looking at the IMA
> > measurement list to see if modified files are re-measured or, as you
> > said, by looking at the code.
>
> Who's actually using this, and do they do any kind of checks, or
> document the filesystem-specific limitations?
Knowing who is using it and how it is being used is the big question.
I only hear about it when there are problems.
Over the years, there have been a number of Linux Security Summit
(LSS) talks, which have been mostly about embedded systems or locked
down systems, not so much for generic systems.
Examples include:
- Design and Implementation of a Security Architecture for Critical
Infrastructure Industrial Control Systems - David Safford, GE 2016
- IMA/EVM: Real Applications for Embedded Networking Systems - Petko
Manolov, Konsulko Group, and Mark Baushke, Juniper Networks 2015
- CC3: An Identity Attested Linux Security Supervisor Architecture
- Greg Wettstein, IDfusion 2015
- The Linux Integrity Subsystem and TPM-based Network Endpoint
Assessment - Andreas Steffen, HSR University of Applied Sciences
Rapperswil, Switzerland 2012
Mimi
next prev parent reply other threads:[~2017-07-12 17:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-07 14:05 [PATCH v2] integrity: track mtime in addition to i_version for assessment Jeff Layton
2017-07-07 16:57 ` Jeff Layton
2017-07-07 17:24 ` Mimi Zohar
2017-07-07 17:49 ` Jeff Layton
2017-07-07 19:59 ` Mimi Zohar
2017-07-07 20:35 ` Jeff Layton
2017-07-10 12:10 ` Mimi Zohar
2017-07-12 1:17 ` jlayton
2017-07-12 12:20 ` Mimi Zohar
2017-07-12 14:35 ` Bruce Fields
2017-07-12 17:56 ` Mimi Zohar [this message]
2017-07-19 21:23 ` Bruce Fields
2017-07-11 16:13 ` J. Bruce Fields
2017-07-11 18:47 ` Mimi Zohar
2017-07-12 0:30 ` jlayton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1499882210.3426.47.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=bfields@fieldses.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=jlayton@kernel.org \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).