Which Linux technology exists to protect a file's data at run at file granularity?

Elazar Leibovich elazarl at gmail.com
Sun Feb 24 11:34:10 IST 2019


Sounds like you want IMA+EVM, specifically IMA-appraisal. I've no
experience with that in practice.

https://sourceforge.net/p/linux-ima/wiki/Home/#ima-appraisal
https://events.linuxfoundation.org/wp-content/uploads/2017/12/LSS2018-EU-LinuxIntegrityOverview_Mimi-Zohar.pdf

As I mentioned before, judging from your previous question, *I think what
you really need is a paid professional Linux security consultancy.*

Asking security questions in a mailing list, and worse, getting answers
from non-professionals like myself is not a good path to reach a secure
system IMHO.

By all means, you're invited to mail me in private/give me a call. While I
personally cannot help you, I can refer you to people who do that for a
living.

Disclosure: I've no connection to security consultants other than working
with some excellent ones, to whom I can refer you, and they'll probably find
you a good place to get your system secure.

Remember, even world class security teams, like the ones who designed the
Xboxes, missed some details and ended up with a vulnerable system. If indeed
a secure Linux is a priority, industry knows how to do that to some extent,
but IMHO you need a paid professional consultant, not a general question in a
public mailing list. In my view, what you're doing is akin to asking a
public forum how to design a brake system without any context. This is
unlikely to end up well. I don't feel it's responsible from my side to just
provide my limited knowledge without mentioning the problems with the
general approach.

On Sun, Feb 24, 2019 at 10:07 AM Lev Olshvang <levonshe at yandex.com> wrote:

>
> I know at least several technologies that protect "data at rest", such
> as dm-crypt, tomb, eCryptfs.
>
> The problem with dm-crypt or eCryptfs is that since the file system is mounted,
> all logged-in users, including attackers, can read files.
>
> But I did not find anything that protects data at run, i.e. decrypts only
> a file read request using the user's key.
>
> Please advise,
> Lev
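To make the IMA-appraisal pointer above concrete, here is an added userspace model of what IMA-appraisal (with EVM protecting the label) actually enforces; it is example code written for this page, not code from either poster or from the linux-ima project. The real mechanism runs inside the kernel: the reference hash or signature lives in the file's `security.ima` extended attribute, EVM protects that attribute with an HMAC or signature keyed from the kernel keyring, and an open or exec is refused in enforce mode when the content no longer matches. This model replaces the xattrs with two dictionaries, uses a constructed placeholder HMAC key, and keeps the hashing and comparison logic; `label`, `appraise` and `demo` are names chosen here, not IMA APIs. Note the security property it gives: integrity, not confidentiality. A file that passes appraisal is still readable by any user with permission to open it, so it does not by itself meet the "decrypt only for the owning user's key" requirement in the question.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed model state. Real IMA stores the reference value in the
# security.ima xattr and EVM stores its HMAC/signature in security.evm;
# here both are dictionaries keyed by path (an assumption of this model).
IMA_XATTRS: dict[str, bytes] = {}
EVM_XATTRS: dict[str, bytes] = {}

# Placeholder key for the EVM-style HMAC. The real key is loaded into the
# kernel keyring at boot and never exposed to userspace.
EVM_KEY = b"constructed-placeholder-evm-key"


def measure(path: str) -> bytes:
    """Hash the file contents (IMA calls this 'measurement')."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def evm_tag(reference: bytes) -> bytes:
    """EVM-style HMAC over the IMA reference value so the label itself cannot be rewritten."""
    return hmac.new(EVM_KEY, reference, "sha256").digest()


def label(path: str) -> None:
    """Model of labelling a file (what `evmctl ima_hash` does with a real xattr)."""
    reference = measure(path)
    IMA_XATTRS[path] = reference
    EVM_XATTRS[path] = evm_tag(reference)


def appraise(path: str) -> bool:
    """Model of the appraisal hook: True means the open would be allowed in enforce mode."""
    reference = IMA_XATTRS.get(path)
    if reference is None:
        return False  # unlabelled file: denied when the policy appraises it
    tag = EVM_XATTRS.get(path)
    if tag is None or not hmac.compare_digest(tag, evm_tag(reference)):
        return False  # the reference label was altered or removed
    return hmac.compare_digest(reference, measure(path))


def demo() -> dict:
    """Walk through label, tamper, and relabel-without-the-key on a constructed file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "config.txt")
        with open(path, "wb") as f:
            f.write(b"original configuration\n")
        label(path)
        intact = appraise(path)

        # Content modified after labelling: measurement no longer matches.
        with open(path, "ab") as f:
            f.write(b"unauthorised change\n")
        tampered = appraise(path)

        # Reference hash rewritten to match, but the EVM tag cannot be
        # recomputed without the key, so appraisal still fails.
        IMA_XATTRS[path] = measure(path)
        relabelled_without_key = appraise(path)

        # Proper relabel with the key restores access.
        label(path)
        relabelled_with_key = appraise(path)

        return {
            "intact": intact,
            "tampered": tampered,
            "relabelled_without_key": relabelled_without_key,
            "relabelled_with_key": relabelled_with_key,
        }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The third step is the reason EVM exists alongside IMA: an attacker who can write the file can usually also write its xattrs, so the hash alone proves nothing unless the label is bound to a key the attacker does not hold.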