Re: Release DigSig 0.1: LSM module checking digital signatures before loading the binaries

From: Crispin Cowan (crispinat_private)
Date: Thu Sep 18 2003 - 11:22:43 PDT

    Makan Pourzandi wrote:
    
    >> We found the performance penalties to be *substantial*, typically in 
    >> the 500% slowdown range. The problem is that the cost of digital 
    >> signatures is more or less linear in the size of the program, mostly 
    >> to compute the MD5 of the program. Small programs tend to be 
    >> short-lived, while larger programs tend to be longer-lived, and the 
    >> net result was 200% to 500% slowdown across the board. I suggest you 
    >> try doing a kernel build with and without digsig and see what it does 
    >> to your performance overhead. If you don't see the same overhead that 
    >> we did, then I'd be very curious about the details.
    >
    > We will; for the time being we have been trying to use lmbench for 
    > tests, but I believe you have a good idea. We're currently running the 
    > tests, and as soon as we come up with some synthesis of the results I'll 
    > post it to the mailing list. 
    
    I am a big fan of the lmbench microbenchmark test suite. It is very good 
    for testing the performance of many operating systems core features.
    
    But I don't think it is applicable in this case. Digital signatures for 
    programs have the unusual property of imposing overhead that is nearly 
    linear in the size of the program. The programs that lmbench exec's are 
    artificially small, and so you won't see the overhead that will occur in 
    natural programs.
    
    This is why it is important in this and all systems research projects to 
    perform both microbenchmarks and macrobenchmarks. Looking at just one or 
    the other leads to major errors.
    
    > That's the main reason we avoided the use of OpenSSL. I hoped that 
    > somehow I would be wrong and that during the discussions someone would come 
    > up with a brilliant idea to make the use of OpenSSL possible. It seems that 
    > it was just wishful thinking. 
    
    I too hoped for a long time that it was just a misunderstanding that 
    OpenSSL could not be combined with the Linux kernel. It seemed silly 
    that two well-respected open source packages could not be merged. But it 
    really is true: the OpenSSL group refuses to yield in changing from the 
    BSD 4-clause license, and some Linux kernel authors refuse to yield on 
    the view that the "advertising" clause in BSD 4-clause is a restriction 
    that the GPL does not allow.
    
    Or so I was told by leading people in the two respective groups. Get 
    your own lawyer and ask your own questions if you want to pursue it.
    
    Good luck,
        Crispin
    
    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
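The size-linear cost argued above can be checked without a kernel build. The script below is an added example, not code from DigSig or from this thread: it times MD5 over constructed random buffers standing in for executables, and then applies a simple model (assumed here: verification adds size/throughput seconds to every exec and the hash dominates the cost) to show why a mix of small, short-lived lmbench-style programs reports far less overhead than a workload of larger, longer-running ones.

```python
import hashlib
import os
import time


def md5_seconds(data: bytes, repeats: int = 5) -> float:
    """Best-of-N wall-clock time to MD5 one buffer, i.e. the digest a
    signature check must compute before the binary may run."""
    best = float("inf")
    for _ in range(repeats):
        t0 = time.perf_counter()
        hashlib.md5(data).digest()
        best = min(best, time.perf_counter() - t0)
    return best


def per_byte_cost(sizes):
    """Time MD5 on constructed 'binaries' of each size and return
    {size: seconds_per_byte}. Near-constant values confirm the cost
    grows linearly with program size."""
    costs = {}
    for n in sizes:
        image = os.urandom(n)  # constructed stand-in for an executable image
        costs[n] = md5_seconds(image) / n
    return costs


def exec_slowdown(size_bytes: int, runtime_s: float, bytes_per_s: float) -> float:
    """Relative slowdown of one exec: check time / program runtime.
    Model assumption: the check costs size_bytes / bytes_per_s seconds."""
    return (size_bytes / bytes_per_s) / runtime_s


def workload_slowdown(jobs, bytes_per_s: float) -> float:
    """Aggregate slowdown over a list of (size_bytes, runtime_s) execs:
    total added check time divided by total unchecked runtime."""
    total_runtime = sum(runtime for _, runtime in jobs)
    added = sum(size / bytes_per_s for size, _ in jobs)
    return added / total_runtime


if __name__ == "__main__":
    for size, cost in per_byte_cost([1 << 16, 1 << 20, 1 << 22]).items():
        print(f"{size:>8} bytes: {cost * 1e9:.3f} ns/byte")
    thru = 100e6  # assumed hash throughput, 100 MB/s
    micro = [(50_000, 0.001)] * 1000       # lmbench-like: tiny, short-lived
    macro = [(2_000_000, 0.05)] * 200      # compiler-like: large, longer-lived
    print(f"micro mix: {workload_slowdown(micro, thru):.0%} slowdown")
    print(f"macro mix: {workload_slowdown(macro, thru):.0%} slowdown")
```

The per-byte figures should stay roughly flat across sizes, while the two synthetic mixes differ in slowdown only because of the size-to-runtime ratio of the programs being exec'd.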
    