LinuxCon Europe + CloudOpen Europe

Runtime system integrity is protected by access control mechanisms. The Linux kernel provides Discretionary Access Control (DAC) and several Mandatory Access Control modules, such as SELinux, SMACK, Tomoyo, AppArmor. All of these assume trustworthiness of the access control related data. Integrity protection is required to ensure that offline modification of such data will not remain undetected. This presentation will summarize and compare the different methods, at the different layers, for achieving integrity protection, highlight the benefits and limitations of each method, and show how to use them to build integrity protected system. In particular, it will compare the VFS level Linux kernel Integrity Subsystem, with block-level integrity protection modules, such as dm-integrity and dm-verity.The rest of the talk will focus on recent and future directions of the Integrity Subsystem.