Re: Release DigSig 0.1: LSM module checking digital signatures before loading the binaries

From: Crispin Cowan (crispinat_private)
Date: Thu Sep 18 2003 - 11:22:43 PDT

Next message: Yuan ChunYang: "about security_skb_alloc??"

Previous message: Greg KH: "Re: Release DigSig 0.1: LSM module checking digital signatures before loading the binaries"
In reply to: Makan Pourzandi: "Re: Release DigSig 0.1: LSM module checking digital signatures before loading the binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Makan Pourzandi wrote:

>> We found the performance penalties to be *substantial*, typically in 
>> the 500% slowdown range. The problem is that the cost of digital 
>> signatures is more or less linear in the size of the program, mostly 
>> to compute the MD5 of the program. Small programs tend to be 
>> short-lived, while larger programs tend to be longer-lived, and the 
>> net result was 200% to 500% slowdown across the board. I suggest you 
>> try doing a kernel build with and without digsig and see what it does 
>> to your performance overhead. If you don't see the same overhead that 
>> we did, then I'd be very curious about the details.
>
> We'll do, for time being we have been trying to use rather lmbench for 
> tests, but I believe you have a good idea, we're currently running the 
> tests as soon as we come up with some synthesis of the results I'll 
> post it to the mailing list. 

I am a big fan of the lmbench microbenchmark test suite. It is very good 
for testing the performance of many operating systems core features.

But I don't think it is applicable in this case. Digital signatures for 
programs has the unusual property of imposing overhead that is nearly 
linear in the size of the program. The programs that lmbench exec's are 
artificially small, and so you won't see the overhead that will occur in 
natural programs.

This is why it is important in this and all systems researhc projects to 
perform both microbenchmarks and macrobenchmarks. Looking at just one or 
the other leads to major errors.

> That's the main reason we avoided the use of OpenSSL, I hoped that 
> somehow I would be wrong and during the discussions someone will come 
> with a brilliant idea to make possible the use openssl. It seems that 
> it was just wishful thinking. 

I too hoped for a long time that it was just a misunderstanding that 
OpenSSL could not be combined with the Linux kernel. It seemed silly 
that two well-respected open source packages could not be merged. But it 
really is true: the OpenSSL group refuses to yield in changing from the 
BSD 4-clause license, and some Linux kernel authors refuse to yield on 
the view that the "advertising" clause in BSD 4-clause is a restriction 
that the GPL does not allow.

Or so I was told by leading people in the two respective groups. Get 
your own lawyer and ask your own questions if you want to pursue it.

Good luck,
    Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/

Next message: Yuan ChunYang: "about security_skb_alloc??"
Previous message: Greg KH: "Re: Release DigSig 0.1: LSM module checking digital signatures before loading the binaries"
In reply to: Makan Pourzandi: "Re: Release DigSig 0.1: LSM module checking digital signatures before loading the binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 18 2003 - 11:23:27 PDT