SE Linux and Decrypted Data

Source: etbe.coker - Posted by Bill Keys

There is currently a discussion on the Debian-security mailing list about how to protect data which came from an encrypted file. I was going to skip that one until someone summoned me by mentioning SE Linux.

The issue which was raised is that data from an encrypted file can be read from /dev/mem (for all memory of the machine) or /proc//mem (for the memory of the process). It was suggested that SE Linux can prevent such attacks, however it’s not that simple. How do you secure data that came from an encrypted file? This article takes the position that SELinux is the answer. Do you agree after reading it?

Read this full article at etbe.coker

Comments

LSA European Parliament

Written by D. Schuerewegen on 2008-11-27 10:12:44

I agree with the author, it's feasible, but not straightforward.
On the other hand, some kernel processes need access to /dev/mem (i.e. memory management), so how are you going to deny them access to decrypted data?

Only registered users can write comments.
Please login or register.