
Linux Foundation

NFS Support for Linux Integrity Measurement Architecture

Linux Foundation via YouTube

Overview

Explore a conference talk detailing the proposed extension of the NFS protocol to support the Linux Integrity Measurement Architecture (IMA). Delve into the design's strengths, limitations, and remaining challenges in implementing integrity measurement support for NFS. Learn about the complexities of extending protection from NFS servers to end users on NFS clients, enabling IMA-protected executable installation, and allowing different appraisal policies across NFS clients. Examine the technical considerations, including corruption detection methods, protocol support issues, and performance implications. Gain insights into the decision-making process for determining the effectiveness and completeness of the specified extension, as well as potential future developments such as IMA offload.

Syllabus

NFS Support for the Linux Integrity Measurement Architecture (Chuck Lever, Oracle Corporation)
NFS with Integrity Measurement
• Some storage servers do not have a user execution environment (e.g., filers)
• Storage servers and clients may run different operating systems with different semantics
• Filesystems on storage server may not support Linux-style extended attributes
• Extend envelope of protection from NFS server to end users on NFS clients
• Enable installation of IMA-protected executables from NFS clients
• Enable appraisal policy on an NFS client to be different than its peers or the policy on the NFS server
transport via NFS
- Corruption of IMA metadata is detected when signature is verified
- Corruption of file content is detected when it is appraised
supported by NFS protocol
- NFSv4 ACLs are not the same as POSIX ACLs
- NFS protocol would need to expose the list of protected attributes and FS UUID
• How do we decide if the specified extension is effective and complete?
- When will prototype implementation be ready to merge upstream?
• Is performance a consideration?
• Is IMA offload an interesting use case?
• Whine about legacy technologies!
- Kerberized NFS, NFSv4 ID mapping and ACLs
• Throw tomatoes at new topics!
- NFS support for capabilities and other LSM
LINUX SECURITY SUMMIT

Taught by

Linux Foundation
