[PATCH 0/4] integrity

From: Mimi Zohar
Date: Wed Nov 12 2008 - 22:48:48 EST


The Linux Integrity Module (LIM) Framework provides hooks
for modules to perform collection, appraisal, and storage
of system integrity measurements. One such module, IMA,
collects measurements of file data, maintains this list
in the kernel, and if available, stores (extends) the
measurements into a hardware TPM. These measurements are
collected, appraised, and stored before any access
(read or execute) to the data, so that malicious code or
data cannot remove or cover up its own measurement, to avoid
detection. If the measurements are anchored in a TPM, the
TPM can sign the measurements, for proof of integrity
to a third party, such as in enterprise client management.

Integrity measurement is complementary to LSM mandatory
access control, which can be used to protect the integrity
of system files. Integrity measurement policies can take
advantage of LSM labels in deciding what to measure and
to detect when the protection fails, with hardware strength.

This patch set addresses a couple of concerns raised on
the mailing list:

- Uses a radix tree to store integrity information
associated with an inode, instead of extending the
inode structure.
- Moves hooks out of vfs_permission and file_permission,
which are deprecated.
- Fixes the template list locking.
- Updates and clarifies the integrity_audit kernel
command line option.

Dave Safford
Mimi Zohar (4):
integrity: TPM internel kernel interface
integrity: Linux Integrity Module(LIM)
integrity: IMA as an integrity service provider
integrity: IMA radix tree
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/