An Overview of the Linux Integrity Subsystem: Use Cases and Demonstration
David Safford and Mimi Zohar, IBM
The first component of the Linux Integrity Subsystem, the Integrity Measurement Architecture (IMA), was introduced in kernel 2.6.30. Since then, additional components, including Trusted and Encrypted Keys, Ecryptfs patches for Encrypted Keys, IMA-Appraisal, Extended Verification Module (EVM), Digital Signatures for IMA-Appraisal and for EVM, and patches for Qemu to extend the model into KVM guests have been developed. One problem with all of the new components is understanding exactly what the overall subsystem is supposed to accomplish. What do all of these components do, not do, and why should I care?
This talk will concentrate on use cases for the overall architecture, including demonstrations of key capabilities.