diff --git a/thesis/MAIN.pdf b/thesis/MAIN.pdf
index fb4b116..f7d707a 100644
Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ
diff --git a/thesis/MAIN.tex b/thesis/MAIN.tex
index d2d4673..b3321a1 100644
--- a/thesis/MAIN.tex
+++ b/thesis/MAIN.tex
@@ -1,3 +1,4 @@
+% !TeX document-id = {7131b1f7-d05a-492d-b4e1-23bbecfee18f}
 % !TeX encoding = UTF-8
 % !TeX program = pdflatex
 % !BIB program = biber
@@ -23,7 +24,7 @@
 parskip=half*,
 % toc=flat,
 table,
- 11pt,
+ 12pt,
 % draft
 ]{scrbook}
@@ -93,6 +94,8 @@
 \usepackage{sourcecodepro}
 \usepackage{microtype}
+ \usepackage{listings}
+ % \setcounter{tocdepth}{3} %subsubsection
 % \setcounter{secnumdepth}{3}
@@ -152,4 +155,32 @@
 \appendix
+\section{Installing IMA on Arch}
+\url{https://wiki.archlinux.org/index.php/Kernel/Arch_Build_System} in combination with \url{https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture}:
+
+\begin{lstlisting}
+ sudo pacman -S asp base-devel
+ cd ~
+ mkdir build && cd build
+ asp update linux
+ asp export linux #Linux repo exported to this directory
+\end{lstlisting}
+Change \emph{pkgbase} in \texttt{linux/PKGBUILD} to custom name, e.g. linux-ima.
+Check \texttt{linux/config} for the following settings:
+\begin{lstlisting}
+ CONFIG_INTEGRITY=y
+ CONFIG_IMA=y
+ CONFIG_IMA_MEASURE_PCR_IDX=10
+ CONFIG_IMA_LSM_RULES=y
+ CONFIG_INTEGRITY_SIGNATURE=y
+ CONFIG_IMA_APPRAISE=y
+ IMA_APPRAISE_BOOTPARAM=y
+\end{lstlisting}
+For optimizing file access, add to every fstab-entry \emph{iversion}.
+It prevents creating a hash of the file at every access.
+Instead the hash will only be created when writing the file.
+
+\texttt{updpkgsums} generates new checksums for the modified files.
+
+\texttt{makepkg -s} then makes the new kernel
 \end{document}
\ No newline at end of file
diff --git a/thesis/mainmatter.tex b/thesis/mainmatter.tex
index 8f3907b..fe45ae6 100644
--- a/thesis/mainmatter.tex
+++ b/thesis/mainmatter.tex
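Review bot: In the `@@ -152,4 +155,32 @@` hunk of thesis/MAIN.tex, the last entry of the kernel-config listing, `IMA_APPRAISE_BOOTPARAM=y`, is missing the `CONFIG_` prefix that every other entry carries, so a reader searching `linux/config` for it verbatim will not find the option; it should read `CONFIG_IMA_APPRAISE_BOOTPARAM=y`. That option enables the `ima_appraise=` kernel command-line modes (such as fix and log), so the appendix should state that it is meant for initial labelling and that leaving it enabled lets anyone who controls the boot command line relax appraisal. The iversion paragraph is worth re-checking against the IMA documentation: as far as I know the mount option lets IMA detect that a file has changed and re-measure it only then, which is not quite "the hash will only be created when writing the file". As a style point, `\section` directly after `\appendix` in a `scrbook` document has no enclosing chapter, so `\chapter{Installing IMA on Arch}` is probably what is intended.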
@@ -1,5 +1,12 @@
 \chapter{Introduction}
+All about motivation of doing this masterthesis
+\begin{itemize}
+ \item introduction in project digidow
+ \item privacy
+ \item integrity
+\end{itemize}
 \chapter{Concept}
+The theoretical tool that should be formed to one whole system implementation in this thesis
 \section{Attack Vectors and Threat Model}
 \section{Trust and Security}
 \section{Systems of Trust}
@@ -11,7 +18,13 @@
 \section{Extend the Trust to External Hardware}
 \section{Mitigation of Attack Vectors}
 \chapter{Implemtentation and Limitations}
+\section{Trusted Boot}
+\section{Linux Kernel Integrity Tools}
+
 \chapter{Conclusion and Outlook}
+It is yet very hard to implement a system of this kind.
+The tools are available, but the documentation is not.
+I did at least figure out what a prototype can look like.
 \autoref{tab:example} is an example of a table, in which the numbers are aligned at the comma, every second line is colored and the commands \texttt{\textbackslash toprule}, \texttt{\textbackslash midrule} and \texttt{\textbackslash bottomrule} are used \cite{arthur15}.
 \begin{table}[ht]