Re: [RFC V2] IMA Log Snapshotting Design Proposal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/19/2023 2:49 PM, Tushar Sugandhi wrote:
   f. A new event, "snapshot_aggregate", will be computed and measured
        in the IMA log as part of this feature.  It should help the
        remote-attestation client/service to benefit from the IMA log
        snapshot feature.
        The "snapshot_aggregate" event is described in more details in
        section "D.1 Snapshot Aggregate Event" below.

What is the use case for the snapshot aggregate?  My thinking is:

1. The platform must retain the entire measurement list. Early measurements can never be discarded because a new quote verifier
must receive the entire log starting at the first measurement.

In this case, isn't the snapshot aggregate redundant?

2. There is a disadvantage to redundant data. The verifier must support this new event type. It receives this event and must validate the aggregate against the snapshot-ed events. This is an attack surface. The attacker can send an aggregate and snapshot-ed measurements that do not match to exploit a flaw in the verifier.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux