Re: [Xen-devel] trusted computing
Tim Freeman wrote:
> not about Xen in particular, but as a side note, because I think some
> people are interested in trusted computing and virtualization? If you're
> not, sorry for the intrusion!
>
> http://www.research.ibm.com/secure_systems_department/projects/tcglinux/
>
> "Currently, we experiment measuring the information flow on SELinux
> systems to reason about isolation properties of a system. For this
> purpose, we modified tcgLinux to run as an LSM kernel module stacked on
> top of SELinux. We also envision to extend our attestation method to
> integrate virtualization technology and partition the attestation space
> of a system using the information flow policies enforced therein."

# [tcgLinux]'s main goal is to generate verifiable representative information
# about the software stack running on a Linux system. This information can
# be used by remote parties to determine the integrity of the execution
# environment.

Can it, though? The assumption seems to be that fingerprinting executables
is sufficient to characterise the security configuration of a system.
AFAICS that's patently false: the security of a system is dependent on its
complete configuration, including many non-executable files. IOW, anyone
can compromise a system without changing any executable files.

# We instrumented the Linux kernel to trigger a measurement for each
# executable, library, or kernel module loaded into the run-time before
# they affect the system.

Yep, only executables. This seems quite useless.

-- 
David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>
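The coverage question raised in the message above, as an added example that is not part of the original message or of tcgLinux: a toy measurement list and verifier showing that a changed configuration file leaves a code-only attestation unchanged. The hash-chain aggregate (modelled on a TPM-style extend), SHA-256, the file names and the file contents are all assumptions constructed for illustration.

```python
import hashlib

ZERO = "00" * 32  # assumed initial aggregate value

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def extend(aggregate: str, measurement: str) -> str:
    # Assumed TPM-style extend: new = H(old || measurement)
    joined = bytes.fromhex(aggregate) + bytes.fromhex(measurement)
    return hashlib.sha256(joined).hexdigest()

def measure(files: dict, kinds: set):
    """Build the measurement list and aggregate over files of the given kinds."""
    log, aggregate = [], ZERO
    for path, (kind, content) in files.items():
        if kind in kinds:
            log.append((path, digest(content)))
            aggregate = extend(aggregate, log[-1][1])
    return log, aggregate

def reference(files: dict, kinds: set) -> dict:
    """Known-good digests the remote party holds for a trusted system."""
    return {p: digest(c) for p, (k, c) in files.items() if k in kinds}

def verify(log, aggregate, known_good: dict) -> bool:
    """Remote party: check each entry, then replay the chain."""
    replay = ZERO
    for path, m in log:
        if known_good.get(path) != m:
            return False
        replay = extend(replay, m)
    return replay == aggregate

def attest(files: dict, kinds: set, trusted: dict) -> bool:
    log, aggregate = measure(files, kinds)
    return verify(log, aggregate, reference(trusted, kinds))

# Constructed sample system: path -> (kind, content)
BASELINE = {
    "/usr/sbin/sshd": ("executable", b"sshd build 1"),
    "/lib/libc.so.6": ("library", b"libc build 1"),
    "/etc/ssh/sshd_config": ("config", b"PermitRootLogin no\n"),
}
CONFIG_CHANGED = {**BASELINE,
                  "/etc/ssh/sshd_config": ("config", b"PermitRootLogin yes\n")}
BINARY_CHANGED = {**BASELINE, "/usr/sbin/sshd": ("executable", b"sshd build 2")}

CODE_ONLY = {"executable", "library", "module"}  # coverage quoted in the message
WITH_CONFIG = CODE_ONLY | {"config"}             # assumed wider coverage
```

`attest(CONFIG_CHANGED, CODE_ONLY, BASELINE)` still verifies, while the same change fails under `WITH_CONFIG`.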