NFS Support for the Linux Integrity Measurement Architecture - Chuck Lever, Oracle Corporation
Classroom Contents
NFS Support for Linux Integrity Measurement Architecture
- 1 NFS Support for the Linux Integrity Measurement Architecture - Chuck Lever, Oracle Corporation
- 2 NFS with Integrity Measurement
- 3 Some storage servers do not have a user execution environment (e.g., filers); storage servers and clients may run different operating systems with different semantics; filesystems on storage server m…
- 4 Extend envelope of protection from NFS server to end users on NFS clients; enable installation of IMA-protected executables from NFS clients; enable appraisal policy on an NFS client to be different …
- 5 transport via NFS; corruption of IMA metadata is detected when signature is verified; corruption of file content is detected when it is appraised
- 6 supported by NFS protocol; NFSv4 ACLs are not the same as POSIX ACLs; NFS protocol would need to expose the list of protected attributes and FS UUID
- 7 How do we decide if the specified extension is effectively complete? When will prototype implementation be ready to merge upstream? Is performance a consideration? Is IMA offload an interesting u…
- 8 Whine about legacy technologies! (Kerberized NFS, NFSv4 ID mapping and ACLs) Throw tomatoes at new topics! (NFS support for capabilities and other LSM)
- 9 LINUX SECURITY SUMMIT