On Wed, Jul 12, 2017 at 01:56:50PM -0400, Mimi Zohar wrote: > On Wed, 2017-07-12 at 10:35 -0400, Bruce Fields wrote: > > On Wed, Jul 12, 2017 at 08:20:21AM -0400, Mimi Zohar wrote: > > > Right, currently the only way of knowing is by looking at the IMA > > > measurement list to see if modified files are re-measured or, as you > > > said, by looking at the code. > > > > Who's actually using this, and do they do any kind of checks, or > > document the filesystem-specific limitations? > > Knowing who is using it and how it is being used is the big question. > I only hear about it when there are problems. > > Over the years, there have been a number of Linux Security Summit > (LSS) talks, which have been mostly about embedded systems or locked > down systems, not so much for generic systems. > > Examples include: Thanks, I skimmed a couple. Hard to tell, but it sounds like they need this to work. I wonder if they're getting this right. It'd be easy enough to test for. --b. > > - Design and Implementation of a Security Architecture for Critical > Infrastructure Industrial Control Systems - David Safford, GE 2016 > > - IMA/EVM: Real Applications for Embedded Networking Systems - Petko > Manolov, Konsulko Group, and Mark Baushke, Juniper Networks 2015 > > - CC3: An Identity Attested Linux Security Supervisor Architecture > - Greg Wettstein, IDfusion 2015 > > - The Linux Integrity Subsystem and TPM-based Network Endpoint > Assessment - Andreas Steffen, HSR University of Applied Sciences > Rapperswil, Switzerland 2012 > > Mimi
