\select@language {english}
\contentsline {chapter}{\numberline {1}Credentials in Linux}{1}{chapter.1}
\contentsline {section}{\numberline {1.1}Overview}{1}{section.1.1}
\contentsline {section}{\numberline {1.2}Types of Credentials}{3}{section.1.2}
\contentsline {section}{\numberline {1.3}File Markings}{4}{section.1.3}
\contentsline {section}{\numberline {1.4}Task Credentials}{4}{section.1.4}
\contentsline {subsection}{\numberline {1.4.1}Immutable Credentials}{5}{subsection.1.4.1}
\contentsline {subsection}{\numberline {1.4.2}Accessing Task Credentials}{5}{subsection.1.4.2}
\contentsline {subsection}{\numberline {1.4.3}Accessing Another Task's Credentials}{6}{subsection.1.4.3}
\contentsline {subsection}{\numberline {1.4.4}Altering Credentials}{7}{subsection.1.4.4}
\contentsline {subsection}{\numberline {1.4.5}Managing Credentials}{8}{subsection.1.4.5}
\contentsline {section}{\numberline {1.5}Open File Credentials}{8}{section.1.5}
\contentsline {section}{\numberline {1.6}Overriding the VFS's Use of Credentials}{9}{section.1.6}
\contentsline {chapter}{\numberline {2}IMA Template Management Mechanism}{11}{chapter.2}
\contentsline {section}{\numberline {2.1}Introduction}{11}{section.2.1}
\contentsline {section}{\numberline {2.2}Supported Template Fields and Descriptors}{11}{section.2.2}
\contentsline {section}{\numberline {2.3}Use}{12}{section.2.3}
\contentsline {chapter}{\numberline {3}Kernel Keys}{13}{chapter.3}
\contentsline {section}{\numberline {3.1}Kernel Key Retention Service}{13}{section.3.1}
\contentsline {subsection}{\numberline {3.1.1}Key Overview}{13}{subsection.3.1.1}
\contentsline {subsection}{\numberline {3.1.2}Key Service Overview}{15}{subsection.3.1.2}
\contentsline {subsection}{\numberline {3.1.3}Key Access Permissions}{16}{subsection.3.1.3}
\contentsline {subsection}{\numberline {3.1.4}SELinux Support}{16}{subsection.3.1.4}
\contentsline {subsection}{\numberline {3.1.5}New ProcFS Files}{17}{subsection.3.1.5}
\contentsline {subsection}{\numberline {3.1.6}Userspace System Call Interface}{18}{subsection.3.1.6}
\contentsline {subsection}{\numberline {3.1.7}Kernel Services}{25}{subsection.3.1.7}
\contentsline {subsection}{\numberline {3.1.8}Notes On Accessing Payload Contents}{28}{subsection.3.1.8}
\contentsline {subsection}{\numberline {3.1.9}Defining a Key Type}{29}{subsection.3.1.9}
\contentsline {subsection}{\numberline {3.1.10}Request-Key Callback Service}{32}{subsection.3.1.10}
\contentsline {subsection}{\numberline {3.1.11}Garbage Collection}{33}{subsection.3.1.11}
\contentsline {section}{\numberline {3.2}Encrypted keys for the eCryptfs filesystem}{33}{section.3.2}
\contentsline {section}{\numberline {3.3}Key Request Service}{34}{section.3.3}
\contentsline {subsection}{\numberline {3.3.1}The Process}{35}{subsection.3.3.1}
\contentsline {subsection}{\numberline {3.3.2}Negative Instantiation And Rejection}{36}{subsection.3.3.2}
\contentsline {subsection}{\numberline {3.3.3}The Search Algorithm}{36}{subsection.3.3.3}
\contentsline {section}{\numberline {3.4}Trusted and Encrypted Keys}{37}{section.3.4}
\contentsline {chapter}{\numberline {4}Linux Security Module Development}{41}{chapter.4}
\contentsline {chapter}{\numberline {5}Kernel Self-Protection}{43}{chapter.5}
\contentsline {section}{\numberline {5.1}Attack Surface Reduction}{43}{section.5.1}
\contentsline {subsection}{\numberline {5.1.1}Strict kernel memory permissions}{43}{subsection.5.1.1}
\contentsline {subsubsection}{Executable code and read-only data must not be writable}{43}{subsubsection*.25}
\contentsline {subsubsection}{Function pointers and sensitive variables must not be writable}{44}{subsubsection*.26}
\contentsline {subsubsection}{Segregation of kernel memory from userspace memory}{44}{subsubsection*.27}
\contentsline {subsection}{\numberline {5.1.2}Reduced access to syscalls}{44}{subsection.5.1.2}
\contentsline {subsection}{\numberline {5.1.3}Restricting access to kernel modules}{44}{subsection.5.1.3}
\contentsline {section}{\numberline {5.2}Memory integrity}{45}{section.5.2}
\contentsline {subsection}{\numberline {5.2.1}Stack buffer overflow}{45}{subsection.5.2.1}
\contentsline {subsection}{\numberline {5.2.2}Stack depth overflow}{45}{subsection.5.2.2}
\contentsline {subsection}{\numberline {5.2.3}Heap memory integrity}{45}{subsection.5.2.3}
\contentsline {subsection}{\numberline {5.2.4}Counter integrity}{45}{subsection.5.2.4}
\contentsline {subsection}{\numberline {5.2.5}Size calculation overflow detection}{45}{subsection.5.2.5}
\contentsline {section}{\numberline {5.3}Probabilistic defenses}{45}{section.5.3}
\contentsline {subsection}{\numberline {5.3.1}Canaries, blinding, and other secrets}{45}{subsection.5.3.1}
\contentsline {subsection}{\numberline {5.3.2}Kernel Address Space Layout Randomization (KASLR)}{46}{subsection.5.3.2}
\contentsline {subsubsection}{Text and module base}{46}{subsubsection*.28}
\contentsline {subsubsection}{Stack base}{46}{subsubsection*.29}
\contentsline {subsubsection}{Dynamic memory base}{46}{subsubsection*.30}
\contentsline {subsubsection}{Structure layout}{46}{subsubsection*.31}
\contentsline {section}{\numberline {5.4}Preventing Information Exposures}{46}{section.5.4}
\contentsline {subsection}{\numberline {5.4.1}Unique identifiers}{46}{subsection.5.4.1}
\contentsline {subsection}{\numberline {5.4.2}Memory initialization}{46}{subsection.5.4.2}
\contentsline {subsection}{\numberline {5.4.3}Memory poisoning}{47}{subsection.5.4.3}
\contentsline {subsection}{\numberline {5.4.4}Destination tracking}{47}{subsection.5.4.4}
\contentsline {chapter}{\numberline {6}Trusted Platform Module documentation}{49}{chapter.6}
\contentsline {section}{\numberline {6.1}Virtual TPM Proxy Driver for Linux Containers}{49}{section.6.1}
\contentsline {subsection}{\numberline {6.1.1}Introduction}{49}{subsection.6.1.1}
\contentsline {subsection}{\numberline {6.1.2}Design}{49}{subsection.6.1.2}
\contentsline {subsection}{\numberline {6.1.3}UAPI}{49}{subsection.6.1.3}
\contentsline {chapter}{Index}{51}{section*.35}