Leendert van Doorn wrote:
> # > Release of digsig.0.1
> #
> # > We implemented a kernel module using LSM hooks for 2.5.66
> # > which checks signatures before running a binary. The main goal is to
> # > insert digital signatures inside the ELF binary
> # > and verify this signature before loading the binary.
> #
> # This sounds *very* similar to CryptoMark 1, which we released in 2001
>
> It also sounds very similar to a system my intern Gerco Ballintijn did in 2000 which was published as:
>
> Van Doorn, L., Ballintijn, G., Arbaugh, W.A., Signed Executables for Linux, UMD CS-TR-4259, June 2001
> (available from my CMU home page http://www.ece.cmu.edu/~leendert/publications/SignedExec.pdf).
>

Hi Leendert,

I read your paper with great interest, and believe that there are many interesting ideas. Particularly, I agree with you on the fact that the digital signature is only one of different building blocks to achieve security. This is why the digsig package is part of a greater effort, the DSI project. In the DSI project, we have already implemented parts of what we call distributed access control mechanisms (http://disec.sourceforge.net/docs/dpta_dsi.pdf). We showed their feasibility and their performance impact. However, I believe even if we fill up different pieces of the puzzle, still many pieces are missing.

Regarding our release, I want to be very clear on our goal. Our goal is not to claim we are the first ones to deal with digital signatures at kernel level. The digital signature and its possible uses are well known (at least in security aware environments) whether it's in the kernel or not. Our goal is to have a free GPL based code for signature verification at Linux kernel level. I believe that community and industry are more and more willing to use this kind of mechanism. As an example, the support for verifying the signature of an executable before loading it has been added to the security requirements for carrier grade Linux release 3 (http://www.osdl.org/lab_activities/carrier_grade_linux/documents.html).

regards,
Makan

-------------------------------------------------------
Makan Pourzandi, Ericsson Research Canada
makan.pourzandiat_private
This email does not represent or express the opinions of Ericsson Inc.
-------------------------------------------------------

> Here we actually cached the signature verification results and found that the overhead becomes
> insignificant because the working set of programs is very small. Of course, signature caching
> only works for local file systems, remote file systems are not cached. Full comparison for a
> kernel with and without signature checking is in the paper.
>
> Just as in Crispin's case we couldn't release the source code. We used rsaref for the asymmetric
> crypto which license is incompatible with GPL.
>
> Leendert
>
>
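The caching idea Leendert describes (verify once, reuse the result while the file is unchanged, local filesystems only) is illustrated below with an added Python simulation that is not part of digsig or the signed-executables paper; the real asymmetric signature check is replaced by a stand-in that compares a SHA-256 digest against a trusted manifest, and the "binary" is a constructed byte string.

```python
import os
import hashlib
import tempfile
from typing import Callable, Dict, Set, Tuple

# Identity of one file *version* on a local filesystem: device, inode,
# size and modification time. If any of these changes the cached result
# is stale and the file is re-verified. As the thread notes, this only
# holds for local filesystems; a remote file can change without the
# local stat data reflecting it, so such files should not be cached.
FileKey = Tuple[int, int, int, int]

class ExecVerifyCache:
    """Cache per-executable verification results so the expensive check
    runs once per file version rather than on every exec."""

    def __init__(self, verify: Callable[[str], bool]) -> None:
        self._verify = verify            # the real (slow) check
        self._cache: Dict[FileKey, bool] = {}
        self.verify_calls = 0            # how often the slow path ran

    @staticmethod
    def _key(path: str) -> FileKey:
        st = os.stat(path)
        return (st.st_dev, st.st_ino, st.st_size, st.st_mtime_ns)

    def check_exec(self, path: str) -> bool:
        """Return True if `path` may be executed (hook-style decision)."""
        key = self._key(path)
        if key not in self._cache:
            self.verify_calls += 1
            self._cache[key] = self._verify(path)
        return self._cache[key]

# Stand-in for the asymmetric signature check (an assumption of this
# example): the file is trusted if its SHA-256 digest is in the manifest.
def make_manifest_verifier(trusted: Set[str]) -> Callable[[str], bool]:
    def verify(path: str) -> bool:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest() in trusted
    return verify

def demo() -> Tuple[int, bool, bool]:
    """Exec a constructed binary twice (one slow verify), then tamper
    with it and exec again (re-verified and rejected)."""
    sample = b"\x7fELF constructed sample binary\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hello")
        with open(path, "wb") as f:
            f.write(sample)
        cache = ExecVerifyCache(make_manifest_verifier(
            {hashlib.sha256(sample).hexdigest()}))
        ok = cache.check_exec(path) and cache.check_exec(path)
        calls_before_tamper = cache.verify_calls      # expect 1
        with open(path, "ab") as f:                   # size/mtime change
            f.write(b"\x90")
        return (calls_before_tamper, ok, cache.check_exec(path))
```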
This archive was generated by hypermail 2b30 : Thu Sep 18 2003 - 09:55:55 PDT