Re: [RFC] IMA Log Snapshotting Design Proposal - network bandwidth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
In addition, a large IMA log can add pressure on the network bandwidth when
the attestation client sends it to remote-attestation-service.

I would not worry too much about network bandwidth.

1. Every solution eventually realizes that sending the entire log each time hurts performance. The verifier will ask the attestor, "give me everything since record n", and the number of new entries approaches zero.

2. My benchmarks show that

On the client, the TPM quote time swamps everything else.
On the server, verifying the IMA entry signatures swamps everything else.

The network transfer time is negligible.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux