The Digest_cache LSM - Enhancing File Access Security and Performance

Explore a 31-minute conference talk on the Digest_cache LSM presented by Roberto Sassu from Huawei Technologies Duesseldorf GmbH. Delve into the importance of verifying file access for system integrity and the challenges of delivering reference digest values. Learn about the digest_cache LSM, a standalone component that bridges the gap between producers and consumers of reference values without requiring data format changes. Discover its advantages over previous proposals like IMA Digest Lists, including on-demand provision of reference digest values, improved IMA performance, and support for unloading and reloading references. Examine the TLV-based and RPM parsers, formally verified with Frama-C, and explore the potential for extending the system with additional parsers. Gain insights into its early boot operation capabilities and support for deterministic data source reading, enabling secure TPM key usage.