update security ima

1 file changed, +21 -24
@@ -1337,7 +1337,7 @@ Resource usage here refers to the limitation and prioritization of
hardware resources usage. Common resources to limit usage of are CPU,
memory, network, disk I/O and IPC.
The proposed solution is Control Groups ([cgroups]), which is a
The proposed solution is Control Groups ([cgroup-v1], [cgroup-v2]), which is a
Linux kernel feature to limit, account, isolate and prioritize resource
usage of process groups. It protects the platform from resource
exhaustion and DoS attacks. The groups of processes can be dynamically
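Review bot: the changed sentence now cites both [cgroup-v1] and [cgroup-v2], but the paragraph still describes Control Groups as a single feature and does not say which hierarchy the design relies on. Suggest naming the targeted version next to the links. Also check the rest of the document for remaining [cgroups] references, since the [cgroups] link definition appears to be replaced by [cgroup-v1] in the reference list and any leftover use would become a dangling link.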
@@ -1833,11 +1833,8 @@ environment.
## The IMA Linux Integrity Subsystem
The basics of the Integrity Measurement Architecture ([IMA])
subsystem have been a part of Linux since the version 2.6.30, viewing of
the records has been included in 2.6.36, and local verification has been
[submitted][kernel-local-verif] to the kernel maintainers very recently, in late January 2012.
The goal of the subsystem is to make sure that a given set
The goal of the Integrity Measurement Architecture ([IMA])
subsystem is to make sure that a given set
of files have not been altered and are authentic – in other words,
provided by a trusted source. The mechanism used to provide these two
features are essentially keeping a database of file hashes and RSA
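Review bot: the rewritten opening of the IMA section drops the kernel versions that carry the feature (2.6.30 for the basics, 2.6.36 for viewing records) together with the dated "very recently, in late January 2012" remark. Removing the stale remark is reasonable, but the section then gives no indication of the minimum kernel or of whether local verification is available; suggest keeping one sentence on availability. The unchanged line "The mechanism used to provide these two features are" has a subject-verb mismatch that could be fixed in the same change.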
@@ -2113,25 +2110,27 @@ from iterating on an implementation.
[smack-embedded-tv]: http://www.embeddedalley.com/pdfs/Smack_for_DigitalTV.pdf
[cgroups]: http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
[cgroup-v1]: https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
[blkio-doc]: http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt
[cgroup-v2]: https://www.kernel.org/doc/Documentation/cgroup-v2.txt
[blkio-doc]: https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt
[udev]: http://en.wikipedia.org/wiki/Udev
[clone]: http://www.kernel.org/doc/man-pages/online/pages/man2/clone.2.html
[clone]: https://man7.org/linux/man-pages/man2/clone.2.html
[man-in-the-middle]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
[cross-site scripting]: http://en.wikipedia.org/wiki/Cross-site_scripting
[cross-site scripting]: https://en.wikipedia.org/wiki/Cross-site_scripting
[omnibox]: http://chrome.blogspot.com.br/2010/10/understanding-omnibox-for-better.html
[omnibox]: https://chrome.googleblog.com/2010/10/understanding-omnibox-for-better.html
[Secure APT]: http://wiki.debian.org/SecureApt
[Secure APT]: https://wiki.debian.org/SecureApt
[Release file]: http://wiki.debian.org/SecureApt#Secure_apt_groundwork:_checksums
[Release file]: https://wiki.debian.org/SecureApt#Secure_apt_groundwork:_checksums
[Secrets D-Bus service]: http://standards.freedesktop.org/secret-service/re01.html
[Secrets D-Bus service]: https://specifications.freedesktop.org/secret-service/latest/re01.html
[GNOME-secret-service]: https://wiki.gnome.org/Projects/GnomeKeyring
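Review bot: [smack-embedded-tv] and [udev] stay on http:// while the neighbouring entries move to https://, so the reference list ends up mixed. Suggest updating those two in the same pass, or noting why they cannot be. The new [cgroup-v1], [cgroup-v2] and [blkio-doc] targets are unversioned kernel.org paths, so it is worth confirming each one resolves before merging.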
@@ -2139,24 +2138,22 @@ from iterating on an implementation.
[SSP]: https://wiki.ubuntu.com/GccSsp
[LXC]: http://lxc.sourceforge.net/
[LXC]: https://linuxcontainers.org/
[dbus-tcp]: http://www.freedesktop.org/wiki/Software/DBusRemote
[dbus-tcp]: https://www.freedesktop.org/wiki/Software/DBusRemote/
[Virtual GL]: http://www.virtualgl.org/
[Virtual GL]: https://virtualgl.org/
[Flatpak]: https://flatpak.org/
[IMA]: http://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page
[kernel-local-verif]: http://thread.gmane.org/gmane.linux.file-systems/61111/focus=61121
[IMA]: https://sourceforge.net/p/linux-ima/wiki/Home/
[IMA LPC]: http://linuxplumbersconf.org/2009/slides/David-Stafford-IMA_LPC.pdf
[IMA LPC]: https://blog.linuxplumbersconf.org/2009/slides/David-Stafford-IMA_LPC.pdf
[EVM]: http://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page#Linux_Extended_Verification_Module_.28EVM.29
[EVM]: https://sourceforge.net/p/linux-ima/wiki/Home/#linux-extended-verification-module-evm
[kernel-EVM]: http://kernelnewbies.org/Linux_3.2#head-03576b924303bb0fad19cabb35efcbd33eeed084
[kernel-EVM]: https://kernelnewbies.org/Linux_3.2#head-03576b924303bb0fad19cabb35efcbd33eeed084
[Seccomp]: https://github.com/torvalds/linux/blob/master/Documentation/prctl/seccomp_filter.txt
[Seccomp]: https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
[libseccomp]: https://lwn.net/Articles/494252/
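Review bot: the [EVM] entry changes its URL fragment from "#Linux_Extended_Verification_Module_.28EVM.29" to "#linux-extended-verification-module-evm", and [kernel-EVM] keeps a "#head-..." fragment on a new scheme; please confirm both anchors still land on the intended section, since a wrong fragment fails silently. This hunk also touches the LXC, dbus-tcp, Virtual GL and Seccomp links, which the commit title "update security ima" does not cover; consider a broader subject line or a separate commit for the link refresh.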