Enforcing Runtime Integrity with Maat

Explore Maat, an open-source framework for runtime integrity measurement and appraisal in Linux systems, through this 34-minute conference talk by Jonathan Myers and Andrew Guinn from Johns Hopkins University Applied Physics Laboratory. Learn about the importance of continuous integrity checks throughout a system's lifecycle, addressing the limitations of existing tools that focus solely on kernel boot and module loading. Discover how Maat detects and protects against unauthorized modifications and malware infections after system startup, making it suitable for critical Linux systems and general-purpose use on desktop or server machines. Delve into the goals and challenges of runtime integrity measurement, including multi-layered assessment of hypervisors, operating systems, and userspace. Understand the complexities of performing trustworthy measurements on potentially compromised systems, examine Maat's design principles, and explore practical use cases enabled by this innovative tool.