Name: IMA Update: Lessons Learned from Re-implementing IMA-measurement in User Space - Roberto Sassu, Huawei Technologies Duesseldorf GmbH
Start: 2025-08-28T13:45:00+0200
End: 2025-08-28T14:15:00+0200

28 - 29 August | Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (CEST | UTC+2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

Thursday August 28, 2025 13:45 - 14:15 CEST

G102-103

Integrity Measurement Architecture (IMA) was originally designed and developed by IBM Research to extend the trusted
boot chain of measurements to the running system. Subsequently, support for extending secure boot up to the running system (IMA-appraisal) was added and, with it, support for writing audit messages in the system logs.

For good and for bad, IMA-measurement and IMA-appraisal needed to be flexible to work in different environments from embedded/IoT to large systems. The original concepts of extending both trusted and secure boot have not changed, but some of the methods/designs could be improved.

This talk proposes a few kernel improvements based on our work in user space. First, it proposes a new design change to serialize and store the measurement list in a memory area shared between primary and secondary kernel, so that nothing needs to be done on kexec, as opposed to carrying out measurements from one kernel to another.

Second, it proposes a new testing tool for verifying that IMA reported a violation when a file is opened for read and
subsequently opened as write or vice-versa. Building on that, the talk also discusses a few alternatives on how to detect
such violations.

Finally, it proposes a new debugging technique, allowing to run a large number of integration tests without rebooting the
kernel.

Speakers

Roberto Sassu

Principal Engineer, Huawei Technologies Duesseldorf GmbH

Roberto Sassu received a MsC in Information Security in 2008 and worked as a research assistant until 2014. He published and presented papers on Trusted Computing at STC'11 and TrustCom 2014. He also participated to several European projects (OpenTC, TClouds, SECURED and FutureTPM... Read More →

Thursday August 28, 2025 13:45 - 14:15 CEST
G102-103

Short Topics

Need help? View Support Guides
Event questions? Contact Event Planner

Linux Security Summit Europe 2025

Roberto Sassu

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!