I. Purpose of the experiment
1. Understand the composition and role of the TPM security chip
2. Master the principle and function of the trust-chain extension of the computing platform
3. Master the working principle and function of IMA
II. Contents of the experiment
The rule for extending the trust chain is "measure before load": the next-stage component is measured before it is loaded and control is handed over to it, the measurement is recorded, and the record is protected with the TPM.
The following figure shows the prototype of the computing platform trust-chain extension:
1. Extend the Linux operating system by enabling IMA, which carries the chain of trust from the OS layer up to the user application layer.
2. Write the following code, load or run it, and observe how IMA works:
(1) User application
(2) Shared library
(3) Kernel module
III. Experimental process and results
Experimental steps:
1. An Ubuntu 14.04 x64 virtual machine was created on VMware Workstation 11. The Ubuntu 14.04 kernel already integrates the IMA code, so no new kernel needs to be compiled or loaded. Ubuntu 14.04 also mounts the securityfs file system by default, so the following command can be omitted:
mount -t securityfs securityfs /sys/kernel/security
2. View the application measurements recorded by IMA with the following command:
cat /sys/kernel/security/ima/ascii_runtime_measurements
3. Write the following code, load or run it, and observe how IMA works:
(1) User application
Write any C application testima_exe, compile and run it, and observe the change in the IMA securityfs. To compile and run the program, refer to the following commands:
gcc testima_exe.c -o testima_exe
./testima_exe
testima_exe.c source:
#include <stdio.h>

int main(void)
{
    printf("Test ima!\n");
    return 0;
}
When cat /sys/kernel/security/ima/ascii_runtime_measurements is run before any program has been executed, the result is as shown.
After ./testima_exe has been run, run cat /sys/kernel/security/ima/ascii_runtime_measurements again and observe the result as shown: ./testima_exe appears in the last row, so running a C application changes the IMA measurement list.
(2) Shared library
Write a Linux shared library libtestima and a C application testima_lib that links against it, compile and run them, and observe the change in the IMA securityfs. The reference commands are as follows:
gcc -o libtestima.so -fPIC -shared libtestima.c
cp libtestima.so /lib
gcc testima_lib.c -o testima_lib -ltestima
./testima_lib
libtestima.c source:
#include <stdio.h>

void print_testima(void)
{
    printf("Test IMA from lib!\n");
}
testima_lib.c source:
extern void print_testima(void);

int main(void)
{
    print_testima();
    return 0;
}
After running cat /sys/kernel/security/ima/ascii_runtime_measurements, observe the result as shown: ./testima_lib and /lib/libtestima.so appear in the last two rows, so loading a shared library at run time also changes the IMA measurement list.
(3) Kernel module
Write the Linux kernel module testima_ko, compile and load it, and observe the change in the IMA securityfs. The reference commands are as follows:
make
insmod testima_ko.ko
dmesg
rmmod testima_ko.ko
dmesg
testima_ko.c source:
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>

MODULE_LICENSE("GPL");

static int __init hello_init(void)
{
    printk(KERN_INFO "Hello testima_ko!\n");
    return 0;
}

static void __exit hello_exit(void)
{
    printk(KERN_INFO "Goodbye testima_ko!\n");
}

module_init(hello_init);
module_exit(hello_exit);
Makefile source (recipe lines must start with a tab):
obj-m := testima_ko.o

all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
After running cat /sys/kernel/security/ima/ascii_runtime_measurements, observe the result as shown: /osv-exp3/ko/testima_ko.ko appears on the last line, so loading a kernel module changes the IMA measurement list.
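As an added example that is not part of the original report, the Python script below replays the ascii_runtime_measurements list examined in steps 2 and 3: it recomputes each entry's template hash for both the legacy ima and the ima-ng template layouts and replays the PCR 10 extend chain, which is how evmctl ima_measurement checks the list against a TPM quote. The sample lines are constructed here with made-up file digests; only the paths are taken from the report, and the ima-ng field encoding assumes an x86 (little-endian) host.

```python
import hashlib
import struct

SHA1_ZERO = b"\x00" * 20   # template hash the list shows for a violation entry
SHA1_FF = b"\xff" * 20     # value the kernel extends into the PCR for a violation
def template_hash(template, file_digest, path):
    # "ima" (legacy): sha1(20-byte digest || path NUL-padded to 256 bytes)
    # "ima-ng": each field prefixed by its u32 length (host order, LE on x86);
    #           d-ng = "sha1:\0" + digest, n-ng = path + "\0"
    if template == "ima":
        return hashlib.sha1(file_digest + path.encode().ljust(256, b"\0")).digest()
    if template == "ima-ng":
        d = b"sha1:\0" + file_digest
        n = path.encode() + b"\0"
        return hashlib.sha1(struct.pack("<I", len(d)) + d + struct.pack("<I", len(n)) + n).digest()
    raise ValueError("unsupported template: " + template)

def parse_line(line):
    # ascii_runtime_measurements layout: "<pcr> <template-hash> <template> <digest> <path>"
    pcr, thash, template, digest, path = line.split(maxsplit=4)
    digest = digest.split(":")[-1]          # ima-ng prints the digest as "sha1:<hex>"
    return int(pcr), bytes.fromhex(thash), template, bytes.fromhex(digest), path

def extend(pcr_value, measurement):
    return hashlib.sha1(pcr_value + measurement).digest()

def verify(lines):
    # Recheck every template hash and replay PCR 10 from zero, the check
    # evmctl ima_measurement performs before comparing with a TPM quote.
    pcr10, ok = SHA1_ZERO, True
    for line in lines:
        _, thash, template, digest, path = parse_line(line)
        if thash == SHA1_ZERO:               # violation entry (e.g. open-writers)
            pcr10 = extend(pcr10, SHA1_FF)
            continue
        ok = ok and template_hash(template, digest, path) == thash
        pcr10 = extend(pcr10, thash)
    return ok, pcr10.hex()

def make_line(template, file_digest, path):
    # Constructed line in the layout the kernel prints.
    shown = file_digest.hex() if template == "ima" else "sha1:" + file_digest.hex()
    return f"10 {template_hash(template, file_digest, path).hex()} {template} {shown} {path}"

# Constructed sample list: the file digests are made up, the paths are the report's.
SAMPLE = [
    make_line("ima-ng", hashlib.sha1(b"boot").digest(), "boot_aggregate"),
    make_line("ima-ng", hashlib.sha1(b"exe").digest(), "./testima_exe"),
    make_line("ima-ng", hashlib.sha1(b"lib").digest(), "/lib/libtestima.so"),
    make_line("ima", hashlib.sha1(b"ko").digest(), "/osv-exp3/ko/testima_ko.ko"),
]
```

Feed the real list to verify(): a template-hash mismatch means the list has been edited, and a replayed PCR 10 that differs from the TPM's quoted value means entries were dropped or reordered.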
IV. Summary of the experiment
1. Gains from the experiment:
Learned a lot about IMA and became more familiar with the use of Linux operating system commands.
2. Problems encountered during the experiment and their solutions:
IMA is not enabled by default, so cat /sys/kernel/security/ima/ascii_runtime_measurements does not return the expected result.
Solution:
Edit /boot/grub/grub.cfg and, in the "menuentry 'Ubuntu'" block, add ima_tcb after quiet on the kernel command line to enable IMA (as shown), then reboot the machine.
3. Shortcomings of the experiment and further improvements:
Proficiency with Linux operating system commands is still insufficient and needs further practice.
Ubuntu 14.04 operating system trust chain (IMA) extension analysis experiment