From fin@linux.vnet.ibm.com Tue Jun 10 00:57:17 2014
Date: Wed, 21 May 2014 16:23:25 -0500
From: Fionnuala Gunter
To: lss-pc@ext.namei.org
Subject: [lss-pc] : LSS presentation proposal

Package managers: including and installing file signatures

IMA-appraisal, upstreamed in linux-3.7, enforces local file integrity based on a known 'good' value stored as an extended attribute 'security.ima'. This attribute may contain a hash, which is convenient, particularly for changing files, but does not provide authenticity protection. The other option is to store a file's digital signature in security.ima, which provides integrity and authenticity.

Currently, file signatures are calculated and stored after a package is installed. Including file signatures in the package would provide not only integrity, but file provenance. This talk will discuss extensions to package managers (.rpm and .deb) to include and install file signatures.

--
Fionnuala Gunter
Mimi Zohar
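
An added example, not part of the original proposal: a Python sketch that classifies a security.ima value as a hash or a signature, so an audit can find files that have integrity but no authenticity protection. The type bytes and signature header layout are assumed from the Linux kernel's integrity subsystem headers; the function names and sample values are constructed here, and the code only parses the format, it does not verify signatures.

```python
import os
import struct

# First byte of security.ima selects the format (kernel enum evm_ima_xattr_type).
IMA_XATTR_DIGEST = 0x01      # legacy: raw digest follows
EVM_IMA_XATTR_DIGSIG = 0x03  # signature header + signature follow
IMA_XATTR_DIGEST_NG = 0x04   # hash-algorithm byte + digest follow
# Subset of the kernel's enum hash_algo.
HASH_ALGOS = {1: "md5", 2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}


def classify_security_ima(value: bytes) -> dict:
    """Report whether a security.ima value holds a hash or a signature."""
    if not value:
        return {"kind": "missing", "signed": False}
    xtype, body = value[0], value[1:]
    if xtype == IMA_XATTR_DIGEST:
        return {"kind": "hash", "signed": False, "digest": body.hex()}
    if xtype == IMA_XATTR_DIGEST_NG and len(body) > 1:
        return {"kind": "hash", "signed": False,
                "algo": HASH_ALGOS.get(body[0], "unknown"),
                "digest": body[1:].hex()}
    if xtype == EVM_IMA_XATTR_DIGSIG and len(body) >= 8:
        # version, hash_algo, keyid (big-endian u32), sig_size (big-endian u16)
        version, algo, keyid, sig_size = struct.unpack(">BBIH", body[:8])
        if version == 2 and sig_size == len(body) - 8:
            return {"kind": "signature", "signed": True,
                    "algo": HASH_ALGOS.get(algo, "unknown"),
                    "keyid": f"{keyid:08x}", "sig_bytes": sig_size}
    # Other xattr types, or a truncated/inconsistent value.
    return {"kind": "unrecognized", "signed": False}


def audit_file(path: str) -> dict:
    """Classify the security.ima xattr of a file (Linux only)."""
    try:
        return classify_security_ima(os.getxattr(path, "security.ima"))
    except OSError:
        return {"kind": "missing", "signed": False}


# Constructed sample values, not taken from a real system.
SAMPLE_HASH = bytes([IMA_XATTR_DIGEST_NG, 4]) + bytes(range(32))
SAMPLE_SIG = (bytes([EVM_IMA_XATTR_DIGSIG, 2, 4]) + bytes.fromhex("0a1b2c3d")
              + struct.pack(">H", 256) + bytes(256))

if __name__ == "__main__":
    for name, val in (("hash", SAMPLE_HASH), ("sig", SAMPLE_SIG), ("cut", SAMPLE_SIG[:40])):
        print(name, classify_security_ima(val))
```
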