Overview
Syllabus
Intro
Remote Attestation - Problem
Background - Explicit RA
Simple RA Protocol with Implicit RA
Mutable Files in the IMA Measurement List
Alternative Solution for Evaluation of Mutable Files
Unknown Impact of Process Actions without MAC
Protect Mutable Files with Mandatory Access Control
Integrity Models - Biba vs Clark-Wilson
PRIMA Overview and Drawbacks
Our Proposal to Simplify and Complete PRIMA
Reduce TCB size
Detect Malicious Updates of Mutable Files
Exclude Mutable Files from Measurement
Chained Integrity Verification across Reboots
Implicit RA - Verification Options
Infoflow LSM Implementation - Setup Phase
Infoflow LSM Implementation - Deployment Phase
Source Code
Conclusions
Taught by
Linux Foundation