On Thu, 2011-05-19 at 21:07 -0400, Mimi Zohar wrote: > On Fri, 2011-05-20 at 10:51 +1000, James Morris wrote: > > On Wed, 18 May 2011, Mimi Zohar wrote: > > > > > > Once we have a better understanding of what the feature does and why it > > > > does it and how it interfaces with the user, we can start looking at > > > > the implementation. > > > > > > Much appreciated! > > > > What is the status of potential users of the feature? > > > > I recall that MeeGo were planning to use EVM, but they've since changed > > their security plans. Do they still plan to use it? Are any other users > > committing to use EVM? > > > > Also -- this was raised some time back, but I can't find the discussion -- > > what does IMA/EVM provide over disk encryption as a protection against > > offline attacks? > > > > - James > > Dave Safford's whitepaper discusses this. > http://downloads.sf.net/project/linux-ima/linux-ima/Integrity_overview.pdf > > Mimi The short answer is that encryption provides confidentiality, but does not provide integrity, authenticity, or immutability. The easiest way to think about it is to consider a one time pad, which provides perfect confidentiality, but is trivially bit-twiddled. Yes, AES is better in this respect, and encrypted file systems can combine integrity (as long as you encrypt-then-authenticate), but usually they don't. If you want policy driven integrity, authenticity, and immutability, (and we have two IBM customers wanting them this year), then you want the combination IMA, IMA-Appraisal, EVM, and Dmitry's digital signature extensions. dave -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
