LSM performance measurement

LSM performance measurement

[Dmitry Kasatkin]

Hi,

Could anybody suggest a good approach/test suite to measure LSMs
runtime overheads?

-- 
Thanks,
Dmitry

Re: LSM performance measurement

[Casey Schaufler]

On 7/6/2022 8:22 AM, Dmitry Kasatkin wrote:
> Hi,
>
> Could anybody suggest a good approach/test suite to measure LSMs
> runtime overheads?

I have used LMbench, ltp and kernel builds when checking the
overhead on the LSM stacking work. I have also tried timing the
SELinux, audit and Smack testsuites, but they all have built in
delays that make performance numbers questionable. Be sure to
include network throughput and latency measurements if you're
looking at SELinux and/or Smack. Also be sure that you have
meaningful policy loaded, that you're consistent with how IMA
is used, and that you know how your audit limits are configured.

Re: LSM performance measurement

[Igor Zhbanov]

Hi Dmitry,

On 06.07.2022 18:22, Dmitry Kasatkin wrote:
> Could anybody suggest a good approach/test suite to measure LSMs
> runtime overheads?

There are a couple of old articles on the same subject.
So, you can get some ideas from there:
- Evaluation of Performance of Secure OS Using Performance Evaluation
  Mechanism of LSM-Based LSMPMON
  http://www.swlab.cs.okayama-u.ac.jp/~yamauchi/research/sectech2010_yamamoto.pdf
- Analyzing the Overhead of Filesystem Protection Using Linux Security Modules
  https://arxiv.org/pdf/2101.11611

Re: LSM performance measurement

[Dmitry Kasatkin]

Hi Casey,

Thanks. Those certainly sound familiar..
Will have a look.

-Dmitry

On Wed, Jul 6, 2022 at 6:39 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> On 7/6/2022 8:22 AM, Dmitry Kasatkin wrote:
> > Hi,
> >
> > Could anybody suggest a good approach/test suite to measure LSMs
> > runtime overheads?
>
> I have used LMbench, ltp and kernel builds when checking the
> overhead on the LSM stacking work. I have also tried timing the
> SELinux, audit and Smack testsuites, but they all have built in
> delays that make performance numbers questionable. Be sure to
> include network throughput and latency measurements if you're
> looking at SELinux and/or Smack. Also be sure that you have
> meaningful policy loaded, that you're consistent with how IMA
> is used, and that you know how your audit limits are configured.
>


-- 
Thanks,
Dmitry

Re: LSM performance measurement

[Dmitry Kasatkin]

On Wed, Jul 6, 2022 at 6:47 PM Igor Zhbanov <izh1979@gmail.com> wrote:
>
> Hi Dmitry,
>
> On 06.07.2022 18:22, Dmitry Kasatkin wrote:
> > Could anybody suggest a good approach/test suite to measure LSMs
> > runtime overheads?
>
> There are a couple of old articles on the same subject.
> So, you can get some ideas from there:
> - Evaluation of Performance of Secure OS Using Performance Evaluation
>   Mechanism of LSM-Based LSMPMON
>   http://www.swlab.cs.okayama-u.ac.jp/~yamauchi/research/sectech2010_yamamoto.pdf
> - Analyzing the Overhead of Filesystem Protection Using Linux Security Modules
>   https://arxiv.org/pdf/2101.11611
>

Hello,

Thanks. Google also gave me that second article.
Seems to be useful to read.


-- 
Thanks,
Dmitry