Subject: Re: verified executable kernel modification committed
To: Brett Lymn <blymn@baesystems.com.au>
From: Dries Schellekens <gwyllion@ace.ulyssis.org>
List: tech-security
Date: 10/31/2002 14:54:36

On Thu, 31 Oct 2002, Brett Lymn wrote:

> On Wed, Oct 30, 2002 at 09:26:09PM +1030, Brett Lymn wrote:
> >
> > > Stephanie: http://www.innu.org/~brian/Stephanie/
> > > The Design of k5: http://www.innu.org/~brian/Stephanie/dist/Stephanie-3.1/doc/DESIGN.k5
> > >
> >
> > Stephanie (iirc) made a trusted computing base by shifting all the
> > critical binaries into a separate, locked down tree.
> >
>
> My apologies to Brian here - this is not correct.  Stephanie uses
> Trusted Path Execution, it does not shift the binaries at all.  My
> memory was faulty.  Note that Stephanie is not maintained anymore.

I disagree. Brian added k5 (Binary Integrity Verification) in May 2002.
Read the design notes at
http://www.innu.org/~brian/Stephanie/dist/Stephanie-3.1/doc/DESIGN.k5

I think he will support 3.2 when it is released.


Cheers,

Dries
-- 
Dries Schellekens
email: gwyllion@ulyssis.org