Hi, Given the LSM performance results on lmbench that were posted, I thought that this might be interesting. We have been working on tools for verifying the placement of LSM hooks (that I spoke of at the USENIX Security BoF, and will be reporting on shortly), and we found that less than 20% of the LSM security hooks are actually invoked by lmbench. Therefore, lmbench is not a suitable benchmark for hook placement verification (i.e., do the hooks protect the dangerous operations in the kernel properly). We also tried the SAINT vulnerability checking tool and found only a slightly greater coverage. For the time being we have pushed the coverage benchmark problem on the stack. If any of you have any ideas, we would appreciate them. Regards, Trent. ---------------------------------- Trent Jaeger IBM T.J. Watson Research Center 30 Saw Mill River Road Hawthorne, NY 10532 jaegertat_private (914) 784-7225, FAX (914) 784-7595 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 07:42:31 PST