From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v2] integrity: track mtime in addition to i_version for assessment
Date: Wed, 12 Jul 2017 13:56:50 -0400 [thread overview]
Message-ID: <1499882210.3426.47.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20170712143504.GB31196@fieldses.org>
On Wed, 2017-07-12 at 10:35 -0400, Bruce Fields wrote:
> On Wed, Jul 12, 2017 at 08:20:21AM -0400, Mimi Zohar wrote:
> > Right, currently the only way of knowing is by looking at the IMA
> > measurement list to see if modified files are re-measured or, as you
> > said, by looking at the code.
>
> Who's actually using this, and do they do any kind of checks, or
> document the filesystem-specific limitations?
Knowing who is using it and how it is being used is the big question.
?I only hear about it when there are problems.
Over the years, there have been a number of Linux Security Summit
(LSS) talks, which have been mostly about embedded systems or locked
down systems, not so much for generic systems.
Examples include:
- Design and Implementation of a Security Architecture for Critical
Infrastructure Industrial Control Systems - David Safford, GE 2016
- IMA/EVM: Real Applications for Embedded Networking Systems - Petko
Manolov, Konsulko Group, and Mark Baushke, Juniper Networks 2015
-?CC3: An Identity Attested Linux Security Supervisor Architecture
?-?Greg Wettstein, IDfusion 2015
- The Linux Integrity Subsystem and TPM-based Network Endpoint
Assessment -?Andreas Steffen, HSR University of Applied Sciences
Rapperswil, Switzerland 2012
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-07-12 17:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-07 14:05 [PATCH v2] integrity: track mtime in addition to i_version for assessment Jeff Layton
2017-07-07 16:57 ` Jeff Layton
2017-07-07 17:24 ` Mimi Zohar
2017-07-07 17:49 ` Jeff Layton
2017-07-07 19:59 ` Mimi Zohar
2017-07-07 20:35 ` Jeff Layton
2017-07-10 12:10 ` Mimi Zohar
2017-07-12 1:17 ` jlayton at redhat.com
2017-07-12 12:20 ` Mimi Zohar
2017-07-12 14:35 ` Bruce Fields
2017-07-12 17:56 ` Mimi Zohar [this message]
2017-07-19 21:23 ` Bruce Fields
2017-07-11 16:13 ` J. Bruce Fields
2017-07-11 18:47 ` Mimi Zohar
2017-07-12 0:30 ` jlayton at poochiereds.net
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1499882210.3426.47.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).