The Bear/Enforcer Project
Dartmouth College
http://enforcer.sourceforge.net
http://www.cs.dartmouth.edu/~sws/abstracts/msmw03.shtml

How can you verify that a remote computer is the "real thing, doing the right thing?" High-end secure coprocessors are expensive and computationally limited; lower-end desktop enhancements like TCPA and the former Palladium have been mainly limited to Windows and proprietary development. In contrast, this code is part of our ongoing effort to use open source and TCPA to turn ordinary computers into "virtual" secure coprocessors---more powerful but less secure than their high-assurance cousins.

Our current alpha release includes the Linux Enforcer Module, a TCPA-enabled LILO, and a user-level TCPA library. All source is available from the SourceForge site.

The Linux Enforcer Module is a Linux Security Module designed to help improve the integrity of a computer running Linux. The Enforcer provides a subset of Tripwire-like functionality. It runs continuously, and as each protected file is opened its SHA1 is calculated and compared to a previously stored value. The Enforcer is designed to integrate with TCPA hardware to provide a secure boot when booted with a TCPA-enabled boot loader. TCPA hardware can protect secrets and other sensitive data (for example, the secrets for an encrypted loopback file system) and bind those secrets to specific software.

When the Enforcer detects a modified file it can, on a per-file basis, do any combination of the following: deny access to that file, write an entry in the system log, panic the system, or lock the TCPA hardware. If the TCPA hardware is locked, then a reboot with an un-hacked system is required to obtain access to the protected secret.

We developed our own TCPA support library concurrently with, but independently from, IBM's recently announced TCPA code. Our library was an initial component of the Enforcer project. However, our in-kernel TCPA support and the enforcer-seal tool are derived from IBM's TCPA code because of its ease of adaptation for in-kernel use. We plan to use our more complete library for user-level applications. (IBM's TCPA code and documentation are available from <http://www.research.ibm.com/gsal/tcpa/>.)

For more information on our project, see Dartmouth College Technical Report TR2003-471, available from <http://www.cs.dartmouth.edu/~sws/abstracts/msmw03.shtml>. Or contact Omen Wild at the Dartmouth PKI Lab: <Omen.Wildat_private>
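The open-time check and per-file response policy described above, as an added user-space model that is not Enforcer code: the baseline of SHA1 digests, the file paths and contents, and the IntegrityMonitor class are all constructed for illustration; the real module does this inside a Linux Security Module hook and talks to the TCPA chip.

```python
import hashlib
from enum import Flag, auto

class Action(Flag):
    """Per-file responses listed in the announcement; any combination may be set."""
    DENY = auto()      # refuse the open
    LOG = auto()       # write a system-log entry
    PANIC = auto()     # halt the system
    LOCK_TPM = auto()  # sealed secrets become unavailable until a clean reboot

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

class IntegrityMonitor:
    """Baseline of expected SHA1 digests plus a per-file action policy (hypothetical model)."""
    def __init__(self, baseline: dict, policy: dict):
        self.baseline = baseline    # path -> expected SHA1 hex digest
        self.policy = policy        # path -> Action flags applied on a mismatch
        self.syslog = []
        self.tpm_locked = False
        self.panicked = False

    def on_open(self, path: str, contents: bytes) -> bool:
        """Check a protected file at open time; return True if access is allowed."""
        expected = self.baseline.get(path)
        if expected is None or sha1_hex(contents) == expected:
            return True             # unprotected, or unchanged since the baseline
        actions = self.policy.get(path, Action.LOG)
        if Action.LOG in actions:
            self.syslog.append(f"enforcer: {path} failed SHA1 check")
        if Action.LOCK_TPM in actions:
            self.tpm_locked = True  # stays locked until reboot into an unmodified system
        if Action.PANIC in actions:
            self.panicked = True
        return Action.DENY not in actions

def demo() -> dict:
    """Constructed scenario: a tampered binary is denied and locks the TPM; a changed config is only logged."""
    bin_ok, cfg_ok = b"#!/bin/sh\necho ok\n", b"mode=strict\n"
    mon = IntegrityMonitor(
        baseline={"/sbin/agent": sha1_hex(bin_ok), "/etc/agent.conf": sha1_hex(cfg_ok)},
        policy={"/sbin/agent": Action.DENY | Action.LOG | Action.LOCK_TPM,
                "/etc/agent.conf": Action.LOG})
    return {"clean_bin": mon.on_open("/sbin/agent", bin_ok),
            "tampered_bin": mon.on_open("/sbin/agent", b"#!/bin/sh\necho modified\n"),
            "changed_cfg": mon.on_open("/etc/agent.conf", b"mode=lenient\n"),
            "tpm_locked": mon.tpm_locked, "panicked": mon.panicked,
            "log_entries": len(mon.syslog)}
```

The baseline must itself be protected (the Enforcer seals it with the TCPA hardware), otherwise an attacker who can alter a file can also alter its recorded digest.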
This archive was generated by hypermail 2b30 : Mon Sep 08 2003 - 15:20:54 PDT