File signatures needed!

Refereed Presentation
Scheduled: Thursday, November 3, 2016 from 2:00 – 2:45pm in Sweeney F

One Line Summary

In this talk we will present how the Linux Integrity Measurement Architecture (IMA) on Ubuntu and Fedora can prevent the execution of unsanctioned programs once the system files have been installed together with their signatures.

Abstract

The boot process of modern systems is protected against attack by secure
and trusted boot. In secure boot, each part of the boot chain validates
the signature of the next stage before transferring control. Each stage
of the boot process is required to have a valid signature. In trusted
boot, each part of the boot chain is measured and logged before control
is transferred to the next stage. The results of trusted boot can be
presented to a remote party for attestation. The Linux Integrity
Measurement Architecture (IMA) extends these mechanisms to runtime
and presents a single, uniform method for measuring and appraising file
signatures.

In most distros, packages installed from a repository are typically
signed, but the files those packages install are not. The iOS kernel,
by contrast, refuses to execute any unsigned code. IMA can likewise be
configured to enforce signature verification on any file before it is
read or executed, preventing the execution of software that was either
installed from an untrusted source or modified after installation. To
achieve this, all files must be signed and installed together with their
signatures. This requirement has limited the adoption of IMA to embedded,
IoT, and enterprise environments, where files come from a trusted image
and do not change frequently. For general users, the prescribed way of
using IMA has been to self-sign all files during an initialization step;
as a result, any malware already present at that point escapes
detection.
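As an added illustration, not the authors' code nor the kernel's implementation, the Go program below models in userspace the decision an IMA appraise rule makes before a file is executed: hash the file, look up its security.ima extended attribute, and allow execution only if the attribute carries a valid signature under the key the system trusts. In the kernel this check is switched on by booting with ima_appraise=enforce and a policy rule such as appraise func=BPRM_CHECK appraise_type=imasig; the requireSig flag here stands in for appraise_type=imasig. The xattr layout (a single type byte), the ed25519 key pair, the File struct and the sample programs are constructed assumptions; real IMA stores a richer header in security.ima. The last case shows why a hash-only initialization pass cannot catch malware that was already on disk when the hashes were taken.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// File is a constructed stand-in for an installed file: its contents plus the
// value of its security.ima extended attribute (nil if never signed or hashed).
type File struct {
	Data []byte
	IMA  []byte
}

// Simplified xattr type tags. Assumption: real IMA prefixes security.ima with a
// header carrying type, version, hash algorithm and key id; only the difference
// between "plain digest" and "digital signature" is modelled here.
const (
	tagDigest = 0x01 // hash only, as written by a self-hashing initialization pass
	tagDigSig = 0x03 // signature over the file hash, produced at package build time
)

// One appraisal outcome per failure mode the abstract discusses.
var (
	ErrNoXattr      = errors.New("no security.ima: unsigned package or untrusted source")
	ErrBadSignature = errors.New("signature invalid: modified after installation or untrusted key")
	ErrHashMismatch = errors.New("stored hash differs from contents: modified after initialization")
	ErrSigRequired  = errors.New("policy requires a signature but the xattr holds only a hash")
	ErrUnknownType  = errors.New("unrecognised security.ima type")
)

// newDistroKey models the distribution's signing key pair: the private half
// stays with the package build infrastructure, the public half is what the
// installed system trusts.
func newDistroKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// imaSign is the package-build step: sign sha256(contents) so the signature
// can ship inside the package and be installed into security.ima with the file.
func imaSign(priv ed25519.PrivateKey, data []byte) []byte {
	sum := sha256.Sum256(data)
	return append([]byte{tagDigSig}, ed25519.Sign(priv, sum[:])...)
}

// imaHashOnly is the self-hashing initialization step: it records whatever is
// on disk at that moment, with no key involved.
func imaHashOnly(data []byte) []byte {
	sum := sha256.Sum256(data)
	return append([]byte{tagDigest}, sum[:]...)
}

// appraise is the decision taken before a file is executed or read.
// requireSig models appraise_type=imasig: a plain hash is not good enough.
func appraise(trusted ed25519.PublicKey, f File, requireSig bool) error {
	if len(f.IMA) == 0 {
		return ErrNoXattr
	}
	sum := sha256.Sum256(f.Data)
	switch f.IMA[0] {
	case tagDigSig:
		if !ed25519.Verify(trusted, sum[:], f.IMA[1:]) {
			return ErrBadSignature
		}
		return nil
	case tagDigest:
		if requireSig {
			return ErrSigRequired
		}
		if !bytes.Equal(f.IMA[1:], sum[:]) {
			return ErrHashMismatch
		}
		return nil
	default:
		return ErrUnknownType
	}
}

func main() {
	pub, priv := newDistroKey()
	good := []byte("#!/bin/sh\necho hello\n")                 // constructed packaged program
	changed := []byte("#!/bin/sh\necho changed after install\n") // constructed post-install edit
	evil := []byte("#!/bin/sh\necho already-present unwanted program\n") // constructed stand-in for pre-installed malware
	cases := []struct {
		name       string
		f          File
		requireSig bool
	}{
		{"signed, intact", File{Data: good, IMA: imaSign(priv, good)}, true},
		{"signed, then modified", File{Data: changed, IMA: imaSign(priv, good)}, true},
		{"never signed", File{Data: good}, true},
		{"hash-only xattr under imasig policy", File{Data: good, IMA: imaHashOnly(good)}, true},
		{"pre-installed malware, self-hashed", File{Data: evil, IMA: imaHashOnly(evil)}, false},
	}
	for _, c := range cases {
		fmt.Printf("%-40s -> %v\n", c.name, appraise(pub, c.f, c.requireSig))
	}
}
```

The first four cases are what a signature-enforcing policy buys: only the intact, distro-signed file runs, while a modified file, an unsigned file and a hash-only attribute are all refused. The fifth case runs under a hash-only policy and is accepted, because the self-hashing pass faithfully recorded the unwanted program that was already there.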

In this talk we will present an overview of the state of the art of
signature verification in commonly used operating systems, our efforts
to enable enforcement of file signatures for two distros, namely Ubuntu
and Fedora, and our userspace extensions to various components, starting
from the package build processes, to the installation of packages on the
system. We will demonstrate the installation of such a system from an
ISO that contains packages with signed files. Finally, we will present
our work on managing the certificates in a way that gives the control to
the user. We hope to convince the Linux distros to start signing all
the files by presenting our proof of concept. We hope that this talk will
also provide an opportunity for discussing the userspace/kernel plumbing
still needed for general signature verification adoption.

Tags

code signing, file signatures, ima-appraisal, certificate management

Presentation Materials

slides
