Subject: Re: LKM
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 09/14/2001 14:08:21
In message <Pine.GSO.4.21.0109142002260.5195-100000@rfhpc8320>, Hubert Feyrer writes:
>
>[trimmed list of lists this goes to]
>
>On Fri, 14 Sep 2001, Lennart Augustsson wrote:
>> > Is there any mechanisms that verify that the code in "loadable kernel
>> > modules" is safe and does not perform operations compromising system
>> > integrity?
>> 
>> Yes, but none of these are available in NetBSD (or any other widespread
>> OS, AFAIK).  One such technique is called proof carrying code.  Each piece
>> of code loaded into the kernel is accompanied by a (formal) proof that it
>> does no damage.  Before loading the code the proof+code is run through
>> a proof checker.
>
>Isn't that similar to the "driver signing" WinXP does? 
>

No.  Driver-signing says (at most) who wrote the driver; it says 
nothing about what it does or doesn't do.

		--Steve Bellovin, http://www.research.att.com/~smb
				  http://www.wilyhacker.com