- Collect – measure a file before it is accessed.
- Store – add the measurement to a kernel resident list and, if a hardware Trusted Platform Module (TPM) is present, extend the IMA PCR.
- Attest – if present, use the TPM to sign the IMA PCR value, to allow a remote validation of the measurement list.
- Appraise – enforce local validation of a measurement against a “good” value stored in an extended attribute of the file.
- Protect – protect a file’s security extended attributes (including appraisal hash) against off-line attack.

Integrity Measurement Architecture (IMA)

IMA is an open source trusted computing component. IMA maintains a runtime measurement list and, if anchored in a hardware Trusted Platform Module (TPM), an aggregate integrity value over this list. The benefit of anchoring the aggregate integrity value in the TPM is that the measurement list cannot be compromised by a software attack without the compromise being detectable. Hence, on a trusted boot system, IMA can be used to attest to the system’s runtime integrity.
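
How a verifier checks the measurement list against the aggregate, as an added example (not code from the IMA project): it replays each entry of an ASCII measurement list into a simulated PCR and compares the result with the quoted value. Assumptions: the SHA-1 PCR bank, IMA's default PCR index 10, and constructed sample entries whose template hashes are stand-ins, not real template digests.

```python
import hashlib

PCR_SIZE = 20                       # SHA-1 PCR bank (assumption)
ZERO = bytes(PCR_SIZE)              # template hash recorded for a violation
VIOLATION = b"\xff" * PCR_SIZE      # value extended into the PCR instead

def parse_entry(line):
    """Fields: PCR index, template hash, template name, file digest, path."""
    pcr, tmpl_hash, tmpl_name, file_digest, path = line.strip().split(None, 4)
    return int(pcr), bytes.fromhex(tmpl_hash), tmpl_name, file_digest, path

def replay(lines, pcr_index=10):
    """Recompute the PCR from the list: PCR = SHA1(PCR || template_hash)."""
    pcr, violations = ZERO, 0
    for line in lines:
        if not line.strip():
            continue
        index, tmpl_hash, _, _, path = parse_entry(line)
        if index != pcr_index:
            continue                # entry belongs to another PCR
        if len(tmpl_hash) != PCR_SIZE:
            raise ValueError(f"unexpected template hash length for {path}")
        if tmpl_hash == ZERO:       # violation: list shows zeros, PCR gets 0xff
            violations += 1
            tmpl_hash = VIOLATION
        pcr = hashlib.sha1(pcr + tmpl_hash).digest()
    return pcr.hex(), violations

def sample_line(path, content, violation=False):
    """Constructed entry; a real template hash covers the whole template data."""
    file_digest = hashlib.sha256(content).hexdigest()
    stand_in = hashlib.sha1((file_digest + path).encode()).hexdigest()
    tmpl = "0" * 40 if violation else stand_in
    return f"10 {tmpl} ima-ng sha256:{file_digest} {path}"

SAMPLE = [                          # constructed measurement list
    sample_line("boot_aggregate", b"constructed boot aggregate"),
    sample_line("/usr/bin/example", b"constructed binary v1"),
    sample_line("/var/log/example.log", b"", violation=True),
]
# Same list with one entry rewritten after the fact.
TAMPERED = [SAMPLE[0], sample_line("/usr/bin/example", b"constructed binary v2"), SAMPLE[2]]

if __name__ == "__main__":
    quoted, violations = replay(SAMPLE)   # stands in for the TPM-signed PCR value
    print("aggregate:", quoted, "violations:", violations)
    print("tampered list matches quote:", replay(TAMPERED)[0] == quoted)
```

On a real system the input would be the kernel's `ascii_runtime_measurements` file under securityfs, and the comparison value would come from a TPM quote rather than from the list itself.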

Download latest (IMA): ima-evm-utils-0.2.tar.gz (16.3 kB)
Read more here: http://linux-ima.sourceforge.net/
For installation: http://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page