Linux Integrity Subsystem – Integrity Measurement Architecture (IMA)

The goals of the kernel integrity subsystem are to detect whether files have been accidentally or maliciously altered, both remotely and locally; to appraise a file's measurement against a "good" value stored as an extended attribute; and to enforce local file integrity. These goals are complementary to the Mandatory Access Control (MAC) protections provided by LSM modules such as SELinux and Smack, which, depending on policy, can attempt to protect file integrity. The following modules provide several integrity functions:

  • Collect – measure a file before it is accessed.
  • Store – add the measurement to a kernel-resident list and, if a hardware Trusted Platform Module (TPM) is present, extend the IMA PCR with it.
  • Attest – if a TPM is present, use it to sign the IMA PCR value, allowing remote validation of the measurement list.
  • Appraise – enforce local validation of a measurement against a "good" value stored in an extended attribute of the file.
  • Protect – protect a file's security extended attributes (including the appraisal hash) against off-line attack.

Integrity Measurement Architecture (IMA)

IMA is an open source trusted computing component. IMA maintains a runtime measurement list and, if anchored in a hardware Trusted Platform Module (TPM), an aggregate integrity value over this list. The benefit of anchoring the aggregate integrity value in the TPM is that the measurement list cannot be compromised by any software attack without the tampering being detectable: a verifier replays the list and checks that it reproduces the TPM-signed PCR value. Hence, on a trusted boot system, IMA can be used to attest to the system's runtime integrity.
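The collect / store / attest / appraise cycle listed above and the "tampering is detectable" argument in this paragraph can be seen end to end in a small simulation. The following is an added example written for this page, not code from the kernel's IMA subsystem or from ima-evm-utils: the TPM PCR is a byte string extended with SHA-256, the TPM quote signature is stood in for by an HMAC under a key only the simulated TPM holds, the template hash flattens (digest || pathname) rather than reproducing the kernel's exact ima-ng template layout, and the security.ima extended attribute is modelled as a hex string. File contents and the TPM key are constructed sample values.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank; a PCR starts out as all-zero bytes


def collect(data: bytes) -> bytes:
    """Collect: hash a file's content before it would be accessed (the measurement)."""
    return hashlib.sha256(data).digest()


def template_hash(path: str, digest: bytes) -> bytes:
    """Hash of the list entry that gets extended into the PCR.
    Kernel IMA hashes the template data (for ima-ng: file digest + pathname);
    this flattening of the fields is an assumption, not the kernel's exact layout."""
    return hashlib.sha256(digest + path.encode()).digest()


def extend(pcr: bytes, value: bytes) -> bytes:
    """TPM PCR extend: new = H(old || value). A PCR can only be extended, never rewound."""
    return hashlib.sha256(pcr + value).digest()


class MeasurementList:
    """Simulated kernel-resident measurement list plus the PCR it is anchored in."""

    def __init__(self) -> None:
        self.entries = []                 # (path, digest) pairs in measurement order
        self.pcr = b"\x00" * PCR_SIZE     # simulated IMA PCR

    def store(self, path: str, data: bytes) -> None:
        """Store: append the measurement and extend the PCR with the entry's hash."""
        digest = collect(data)
        self.entries.append((path, digest))
        self.pcr = extend(self.pcr, template_hash(path, digest))


def replay(entries) -> bytes:
    """What a remote verifier does: recompute the aggregate from the reported list alone."""
    pcr = b"\x00" * PCR_SIZE
    for path, digest in entries:
        pcr = extend(pcr, template_hash(path, digest))
    return pcr


def attest(pcr: bytes, tpm_key: bytes) -> bytes:
    """Attest: the TPM signs the PCR value. An HMAC under a key only the simulated TPM
    holds stands in for the TPM quote signature (constructed simplification)."""
    return hmac.new(tpm_key, pcr, hashlib.sha256).digest()


def verify_attestation(entries, quoted_pcr: bytes, signature: bytes, tpm_key: bytes) -> bool:
    """Remote validation: the quote must be genuine AND the list must replay to the PCR.
    (A real verifier checks the quote with the TPM's public key; the shared HMAC key is
    the simulation's stand-in for that.)"""
    if not hmac.compare_digest(attest(quoted_pcr, tpm_key), signature):
        return False
    return hmac.compare_digest(replay(entries), quoted_pcr)


def appraise(data: bytes, security_ima_hex: str) -> bool:
    """Appraise: compare the file's current hash with the 'good' hash that would live in
    the security.ima extended attribute (modelled here as a hex string)."""
    return hmac.compare_digest(collect(data).hex(), security_ima_hex)


def demo() -> dict:
    """Run the whole cycle on constructed sample files and return the verdicts."""
    files = {                       # constructed sample "files"
        "/usr/bin/ls": b"ELF...constructed-ls-binary",
        "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    }
    tpm_key = b"constructed-simulated-tpm-key"

    ml = MeasurementList()
    for path, data in files.items():
        ml.store(path, data)
    signature = attest(ml.pcr, tpm_key)

    honest_ok = verify_attestation(ml.entries, ml.pcr, signature, tpm_key)

    # After the fact, software with root privilege rewrites the in-memory list to hide
    # one measured file. The PCR cannot be rewound to match, so replay disagrees.
    hidden = [(p, d) for p, d in ml.entries if p != "/usr/bin/ls"]
    tampered_ok = verify_attestation(hidden, ml.pcr, signature, tpm_key)

    # Local appraisal: the stored good value matches the original, not a modified file.
    good_xattr = collect(files["/etc/passwd"]).hex()
    modified = files["/etc/passwd"] + b"evil:x:0:0::/:/bin/sh\n"
    return {
        "honest_list_verifies": honest_ok,       # True
        "tampered_list_verifies": tampered_ok,   # False
        "appraise_original": appraise(files["/etc/passwd"], good_xattr),  # True
        "appraise_modified": appraise(modified, good_xattr),              # False
    }


if __name__ == "__main__":
    print(demo())
```

The point the simulation makes is the one the paragraph states: the list itself is ordinary kernel memory and can be rewritten, but the PCR only moves forward, so any list that does not replay to the quoted PCR is rejected by the verifier, and an appraisal hash in a protected extended attribute lets the local kernel refuse a file whose content no longer matches.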

Download latest (IMA): ima-evm-utils-0.2.tar.gz (16.3 kB)