Re: IMA appraisal master plan?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: IMA appraisal master plan?
From: James Morris <james.l.morris@xxxxxxxxxx>
Date: Mon, 20 Nov 2017 07:47:55 +1100 (AEDT)
Cc: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>, Matthew Garrett <mjg59@xxxxxxxxxx>, Patrick Ohly <patrick.ohly@xxxxxxxxx>, linux-integrity <linux-integrity@xxxxxxxxxxxxxxx>, linux-security-module <linux-security-module@xxxxxxxxxxxxxxx>, Silviu Vlasceanu <silviu.vlasceanu@xxxxxxxxxx>
In-reply-to: <a88aff89-1e75-9019-4394-640f5fb318da@huawei.com>
User-agent: Alpine 2.20 (LFD 67 2015-01-07)

On Fri, 17 Nov 2017, Roberto Sassu wrote:

> LSMs are responsible to enforce a security policy at run-time, while
> IMA/EVM protect data and metadata against offline attacks.

In my view, IMA can also protect against making an online attack 
persistent across boots, and that would be the most compelling use of it 
for many general purpose applications.

-- 
James Morris
<james.l.morris@xxxxxxxxxx>

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Follow-Ups:
- Re: IMA appraisal master plan?
  - From: Patrick Ohly

References:
- [PATCH V6] EVM: Add support for portable signature format
  - From: Matthew Garrett
- IMA appraisal master plan? (was: Re: [PATCH V6] EVM: Add support for portable signature format)
  - From: Patrick Ohly
- Re: IMA appraisal master plan? (was: Re: [PATCH V6] EVM: Add support for portable signature format)
  - From: Matthew Garrett
- Re: IMA appraisal master plan? (was: Re: [PATCH V6] EVM: Add support for portable signature format)
  - From: Patrick Ohly
- Re: IMA appraisal master plan? (was: Re: [PATCH V6] EVM: Add support for portable signature format)
  - From: James Morris
- Re: IMA appraisal master plan? (was: Re: [PATCH V6] EVM: Add support for portable signature format)
  - From: Matthew Garrett
- Re: IMA appraisal master plan? (was: Re: [PATCH V6] EVM: Add support for portable signature format)
  - From: Mimi Zohar
- Re: IMA appraisal master plan?
  - From: Roberto Sassu
- Re: IMA appraisal master plan?
  - From: Mimi Zohar
- Re: IMA appraisal master plan?
  - From: Roberto Sassu

Prev by Date: Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails
Next by Date: [GIT PULL] security subsystem: IMA bugfix
Previous by thread: Re: IMA appraisal master plan?
Next by thread: Re: IMA appraisal master plan?
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Linux Kernel Hardening] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux SCSI]