We presented the design and implementation of a secure integrity measurement system for Linux. This system extends the TCG trust concepts from the BIOS all the way up into the application layer of a general-purpose operating system. We extend the operating system with hooks that measure code when it is first loaded into a process (the file_mmap LSM hook), provide a measure sysfs entry through which subsequent measurements can be requested, and detect when changes to already-measured inodes occur. This mechanism enables the measurement of dynamic loaders, shared libraries, and kernel modules in addition to executed files. Further, the approach is extensible, such that applications can measure their own specialized loads, as shown for bash. The result is that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software; these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity. Such a system can already detect a variety of integrity issues, such as the presence of rootkits or vulnerable software. Our measurements show that non-development systems can be measured in practice and that the measurement overhead is reasonable.
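The following is an added example, not code from the paper or its kernel implementation. It is a user-space model of the mechanism summarized above: a hook-triggered first measurement, re-measurement on request that is skipped when the inode is unchanged, detection of writes to already-measured inodes, and an ordered measurement list bound to a TCG-style aggregate (SHA-1 hash chain, `new = SHA1(old || digest)`, starting from an all-zero register) that a remote verifier can replay. Everything here is an assumption of the model rather than the paper's interface: the kernel hook on writes is emulated by `write_file()`/`on_write()` because a user-space program cannot observe other processes' writes, the `(mtime_ns, size)` fingerprint is only a fallback, the file names are constructed stand-ins for a loader and a library, and the `Entry`/`MeasurementList`/`verify` names are illustrative.

```python
"""Added example: user-space model of an ordered measurement list with
TCG-style aggregate. Not the paper's kernel code; names and the write-hook
emulation are this example's own assumptions."""
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass

PCR_RESET = b"\x00" * 20  # SHA-1-sized register after reset (TCG 1.1 style)


@dataclass(frozen=True)
class Entry:
    sha1: bytes  # SHA-1 of the file content at measurement time
    name: str    # path as seen when the measurement was taken


def extend(aggregate, digest):
    """TCG PCR extend: new = SHA1(old || digest). Order-preserving hash chain."""
    return hashlib.sha1(aggregate + digest).digest()


class MeasurementList:
    def __init__(self):
        self.entries = []        # ordered Entry objects reported to a verifier
        self.aggregate = PCR_RESET
        self._seen = set()       # digests already in the list (no duplicates)
        self._clean = {}         # (dev, ino) -> (mtime_ns, size) at last measurement
        self._dirty = set()      # measured inodes written to since measurement

    @staticmethod
    def _inode(path):
        st = os.stat(path)
        return (st.st_dev, st.st_ino), (st.st_mtime_ns, st.st_size)

    def on_write(self, path):
        """Emulates the kernel-side detection of a write to a measured inode."""
        key, _ = self._inode(path)
        if key in self._clean:
            self._dirty.add(key)

    def measure(self, path):
        """Emulates the file_mmap hook or a measure request.
        Returns True if a new entry was appended (new content, or a measured
        inode that changed), False if the cached measurement is still valid."""
        key, fp = self._inode(path)
        if key in self._clean and key not in self._dirty and self._clean[key] == fp:
            return False  # measured and unchanged: cheap path, no re-hash
        with open(path, "rb") as f:
            digest = hashlib.sha1(f.read()).digest()
        self._clean[key] = fp
        self._dirty.discard(key)
        if digest in self._seen:
            return False  # identical content already listed
        self._seen.add(digest)
        self.entries.append(Entry(digest, path))
        self.aggregate = extend(self.aggregate, digest)
        return True


def verify(entries, reported_aggregate):
    """Remote-verifier side: replay the list into a fresh register and compare
    with the aggregate the attesting system reports."""
    acc = PCR_RESET
    for e in entries:
        acc = extend(acc, e.sha1)
    return hmac.compare_digest(acc, reported_aggregate)


def write_file(ml, path, data):
    """Write helper that notifies the emulated hook, as the kernel would."""
    with open(path, "wb") as f:
        f.write(data)
    ml.on_write(path)


def demo():
    """Constructed sample files stand in for a dynamic loader and a library."""
    with tempfile.TemporaryDirectory() as tmp:
        ml = MeasurementList()
        loader = os.path.join(tmp, "ld-linux.so")  # constructed, not a real loader
        lib = os.path.join(tmp, "libc.so")         # constructed, not a real libc
        write_file(ml, loader, b"loader v1")
        write_file(ml, lib, b"libc v1")
        first = ml.measure(loader)    # first load: new entry
        again = ml.measure(loader)    # same inode, no writes: cached
        ml.measure(lib)
        write_file(ml, lib, b"libc v1 with a backdoor")  # write to measured inode
        changed = ml.measure(lib)     # dirty inode is re-hashed: new entry
        clean = verify(ml.entries, ml.aggregate)
        # An attacker who drops the modified lib's entry from the reported list
        # cannot make it replay to the same aggregate.
        hidden = verify(ml.entries[:2], ml.aggregate)
        return {"first": first, "again": again, "changed": changed,
                "entries": len(ml.entries), "clean": clean, "hidden": hidden}


if __name__ == "__main__":
    print(demo())
```

The model mirrors the property that matters for attestation: the list can be arbitrarily long and is held by the untrusted host, but the aggregate lives in the trusted entity, so removing, reordering or rewriting an entry changes the replayed value and the verifier rejects the list.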
The measurement system is extensible, and we believe that we can ultimately achieve guarantees beyond those of Microsoft NGSCB. The application of mandatory access control policy can ensure that dynamic data cannot be modified except by trusted sources [17]. Identification of low-integrity data flows would make it possible to control whether such flows are allowed at all, and whether they can be effectively restricted at the system level or within applications.
We are currently in the process of making the source code of our integrity measurement architecture implementation publicly available as open source, and we are pursuing its integration into the kernel as an optional LSM kernel module.