
Method to improve performance of the trusted execution system

IP.com Disclosure Number: IPCOM000210333D
Publication Date: 2011-Aug-30
Document File: 4 page(s) / 63K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a system in which the global environment and the application environments (WPARs/containers/corrals) share the same loader, so that execution in every environment depends on the loader of the global environment. In this situation a security feature such as Trusted Execution (TE), RBAC or MLS can be enabled either in the global environment or in an application environment. Once the feature has been enabled, the loader verifies, before loading an executable into memory, whether that feature is still enabled. Presently the loader cannot tell whether the feature is enabled in the global environment or in any of the application environments (corrals). So when a security feature (MLS/RBAC/TE) is enabled in either the global environment or a corral, the loader verifies the operation against the security feature enabled for that operation and allows it to complete if the check passes. Even after the feature is disabled, the loader still cannot tell whether it is enabled or not, because of the complexity involved in the application environments (corrals): the feature can be enabled or disabled either in the global environment or in an application environment. So even with the feature disabled, the loader performs extra verification for every executable to see whether the feature is enabled, and this costs a lot of performance, especially in the global environment. Trusted execution (trustchk) is used as the example in this disclosure. Solution for the above problem: the security feature (RBAC/MLS/TE) can be enabled either in the global environment or in an application environment (corral). Once the feature has been enabled, the loader verifies, before loading an executable into memory, whether that feature is still enabled.
The security feature can be disabled either in the global environment or in the corrals. If it is disabled in the global environment and in all of the application environments (corrals), the flag of that global security feature is reset to zero, which means the loader will not verify the enablement of the feature for any executable. If it is disabled in the global environment while any WPAR (corral) still has the feature enabled, we wait for that WPAR's feature to be turned off and only then reset the flag of the global feature to zero. If, while the global process is waiting for a WPAR's feature to be turned off, the global feature is suddenly turned on again, the waiting stops. This is briefly explained in this disclosure.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 42% of the total text.


Method to improve performance of the trusted execution system

Background:


Presently in AIX, trusted execution can be enabled dynamically using the trustchk command.
The trustchk command is used for the administration of the Trusted Signature Database (TSD) and the Trusted Execution function.

Privileged users use the trustchk command to add, delete, or list entries in the Trusted Signature Database (TSD). The TSD is a database of the security attributes of the trusted files present on the system. It is kept in the /etc/security/tsd/tsd.dat file and is populated at installation time.

The /etc/security/tsd/tsd.dat file looks like this:

/usr/sysv/bin/lp:
        owner = lp
        group = lp
        mode = 111
        type = FILE
        hardlinks =
        symlinks =
        size = 174064
        cert_tag = 00af4b62b878aa47f7
        signature = 3fb8ae43e0ec648871dbb33e48eeb638490a5482a2e857647ac735b908916fbefb0b5b535a836b85ae0c3301afd0974ed8c2493aa6946393d7f81db4424964ec70385b342dbfb9309b634d7c85b1d212580803dcdddf96cfc04cd2906703fefe93d2124363ebd3b3a2098ff4071d3a99c94753e6441e75c97cecc49c58b0f985

We can define the stanzas of our own executables in /etc/security/tsd/tsd.dat file.
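As an added example (not AIX code and not the trustchk implementation), the following C program parses a stanza in the layout shown above into attribute/value pairs and compares the recorded owner, group, mode and size with observed values, which is the kind of comparison a trust check makes on a file before it is loaded. The stanza text is constructed from the entry above with the signature value truncated; the names tsd_stanza, tsd_parse, tsd_get and tsd_check_attrs are hypothetical, and verifying the signature against the certificate named by cert_tag is out of scope here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not AIX or trustchk code. Names are hypothetical. */

#define TSD_MAX_ATTRS 16
#define TSD_MAX_LINE  512

struct tsd_attr {
    char name[32];
    char value[TSD_MAX_LINE];
};

struct tsd_stanza {
    char path[256];                      /* the trusted file named by the stanza header */
    struct tsd_attr attrs[TSD_MAX_ATTRS];
    int nattrs;
};

/* Constructed sample in the layout of the tsd.dat entry quoted above
 * (the signature value is truncated for the example). */
const char *sample_tsd =
    "/usr/sysv/bin/lp:\n"
    "        owner = lp\n"
    "        group = lp\n"
    "        mode = 111\n"
    "        type = FILE\n"
    "        hardlinks = \n"
    "        symlinks = \n"
    "        size = 174064\n"
    "        cert_tag = 00af4b62b878aa47f7\n"
    "        signature = 3fb8ae43e0ec648871dbb33e48eeb638490a5482a2e857647ac735b908916fbe\n";

/* Strip leading and trailing blanks in place; returns the trimmed start. */
static char *trim(char *s)
{
    while (*s == ' ' || *s == '\t') s++;
    char *end = s + strlen(s);
    while (end > s && (end[-1] == ' ' || end[-1] == '\t' || end[-1] == '\r')) *--end = '\0';
    return s;
}

/* Parse the first stanza in text: a "path:" header followed by "attr = value" lines.
 * Returns 0 on success, -1 on malformed input or overflow. */
int tsd_parse(const char *text, struct tsd_stanza *out)
{
    const char *p = text;
    memset(out, 0, sizeof *out);
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[TSD_MAX_LINE];
        if (len >= sizeof line) return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;

        char *l = trim(line);
        size_t n = strlen(l);
        if (n == 0) continue;
        if (l[n - 1] == ':') {               /* stanza header */
            if (out->path[0]) break;         /* a second header starts the next stanza */
            if (n - 1 >= sizeof out->path) return -1;
            memcpy(out->path, l, n - 1);
            continue;
        }
        char *eq = strchr(l, '=');
        if (!eq || !out->path[0] || out->nattrs == TSD_MAX_ATTRS) return -1;
        *eq = '\0';
        struct tsd_attr *a = &out->attrs[out->nattrs++];
        snprintf(a->name, sizeof a->name, "%s", trim(l));
        snprintf(a->value, sizeof a->value, "%s", trim(eq + 1));
    }
    return out->path[0] ? 0 : -1;
}

/* Look up one attribute; NULL if the stanza does not record it. */
const char *tsd_get(const struct tsd_stanza *s, const char *name)
{
    for (int i = 0; i < s->nattrs; i++)
        if (strcmp(s->attrs[i].name, name) == 0) return s->attrs[i].value;
    return NULL;
}

/* Compare observed owner, group, mode and size against the recorded stanza.
 * Returns 1 when all four match, 0 otherwise. A missing attribute counts as a
 * mismatch, so an incomplete stanza fails closed. */
int tsd_check_attrs(const struct tsd_stanza *s, const char *owner,
                    const char *group, const char *mode, long size)
{
    const char *v;
    if (!(v = tsd_get(s, "owner")) || strcmp(v, owner) != 0) return 0;
    if (!(v = tsd_get(s, "group")) || strcmp(v, group) != 0) return 0;
    if (!(v = tsd_get(s, "mode"))  || strcmp(v, mode)  != 0) return 0;
    if (!(v = tsd_get(s, "size"))  || strtol(v, NULL, 10) != size) return 0;
    return 1;
}

int main(void)
{
    struct tsd_stanza s;
    if (tsd_parse(sample_tsd, &s) != 0) return 1;
    printf("%s: %d attributes, cert_tag=%s\n", s.path, s.nattrs, tsd_get(&s, "cert_tag"));
    printf("attrs match: %d\n", tsd_check_attrs(&s, "lp", "lp", "111", 174064));
    printf("tampered size: %d\n", tsd_check_attrs(&s, "lp", "lp", "111", 174065));
    return 0;
}
```

The empty hardlinks and symlinks attributes parse to empty strings rather than being dropped, so a lookup can distinguish "recorded as empty" from "not recorded", and the attribute comparison treats any missing attribute as a failure.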

When we execute our executable, the following check is done before the executable is loaded into memory:

if (trusted_execution_flag) {
        /* Verify the integrity of the file and its path
           if corresponding trustchk modes are enabled. Fail the
           load if trust is not established. */
        trustchk_verify(filename, …., ….);
}

Before loading the executable into memory, the following things have to be verified:

1) Check whether the trusted_execution_flag is set to 1 or not. The trusted_execution_flag is set when we enable trusted execution with the help of the trustchk -p TE=ON command.

2) If the trusted_execution_flag is set to 1, then verify the integrity of the file and its path if the corresponding trustchk modes are enabled. Fail the load if trust is not established.

The trustchk feature is available for both the global environment and WPARs/corrals.

Workload Partitions (WPARs) are virtualized operating system environments that are created within a single AIX (only supported on AIX 6.1) image. While they may be self-contained in the sense that each WPAR has its own private execution environment with its own filesystems and network addresses, they still run inside the global environment. The global environment -- the actual LPAR -- owns all the physical resources of the logical partition. It is important to also note that the global environment can see all the processes running inside the specific WPARs.

In a single LPAR there can be any number n of WPARs (wpar1, wpar2, …, wparn).

If we have two WPARs in a single LPAR, then we can enable trustchk for the global LPAR, wpar1 and wpar2, where each one will have its own trusted_execution_policies.
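As an added example (not AIX code and not the disclosure's own implementation), the following C program models the flag scheme from the abstract together with the loader check above: the loader reads one flag, which is reset to zero only when trusted execution is off in the global environment and in every WPAR, stays set while a WPAR still has it on after the global environment turned it off, and the wait is cancelled if global trusted execution is turned back on. The environment model, the function names (te_env, te_init, te_set_global, te_set_wpar, loader_should_verify) and the rule that with the flag set the loader consults the policy of the process's own environment are assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not AIX code: a model of the single loader flag proposed in
 * the abstract. Names are hypothetical. */

#define MAX_WPARS 8

struct te_env {
    bool global_te_on;             /* TE policy of the global environment */
    bool wpar_te_on[MAX_WPARS];    /* TE policy of each WPAR (corral) */
    size_t nwpars;
    bool waiting_on_wpars;         /* global TE is off but some WPAR still has it on */
    int loader_flag;               /* the one flag the loader reads: 0 = verify nothing */
};

/* At boot trusted execution is normally OFF everywhere, so the flag starts at 0. */
void te_init(struct te_env *e, size_t nwpars)
{
    *e = (struct te_env){0};
    e->nwpars = nwpars > MAX_WPARS ? MAX_WPARS : nwpars;
}

static bool any_wpar_te_on(const struct te_env *e)
{
    for (size_t i = 0; i < e->nwpars; i++)
        if (e->wpar_te_on[i]) return true;
    return false;
}

/* Recompute the flag after any policy change. It drops to zero only once TE is
 * off in the global environment and in every WPAR; while global TE is off and a
 * WPAR still has it on, the global disable stays pending. Turning global TE back
 * on cancels the wait. */
static void te_recompute(struct te_env *e)
{
    if (e->global_te_on) {
        e->waiting_on_wpars = false;
        e->loader_flag = 1;
    } else if (any_wpar_te_on(e)) {
        e->waiting_on_wpars = true;
        e->loader_flag = 1;
    } else {
        e->waiting_on_wpars = false;
        e->loader_flag = 0;
    }
}

/* trustchk -p TE=ON/OFF in the global environment. */
void te_set_global(struct te_env *e, bool on)
{
    e->global_te_on = on;
    te_recompute(e);
}

/* trustchk -p TE=ON/OFF inside WPAR number wpar. Returns -1 for an unknown WPAR. */
int te_set_wpar(struct te_env *e, size_t wpar, bool on)
{
    if (wpar >= e->nwpars) return -1;
    e->wpar_te_on[wpar] = on;
    te_recompute(e);
    return 0;
}

/* Loader hot path, called before each executable is loaded. wpar < 0 means the
 * process runs in the global environment. With the flag at zero no executable is
 * verified; otherwise the policy of the process's own environment decides (an
 * assumption of this model). An environment the model does not know about is
 * verified, so the check fails closed. */
int loader_should_verify(const struct te_env *e, int wpar)
{
    if (e->loader_flag == 0) return 0;
    if (wpar < 0) return e->global_te_on ? 1 : 0;
    if ((size_t)wpar >= e->nwpars) return 1;
    return e->wpar_te_on[wpar] ? 1 : 0;
}

int main(void)
{
    struct te_env e;
    te_init(&e, 2);
    te_set_global(&e, true);
    te_set_wpar(&e, 1, true);
    te_set_global(&e, false);               /* global off, wpar1 still on: wait */
    printf("flag=%d waiting=%d\n", e.loader_flag, e.waiting_on_wpars);
    te_set_wpar(&e, 1, false);              /* last WPAR off: flag resets to 0 */
    printf("flag=%d waiting=%d verify_global=%d\n", e.loader_flag,
           e.waiting_on_wpars, loader_should_verify(&e, -1));
    return 0;
}
```

The flag is recomputed on every policy change rather than on every load, so the per-executable cost in the common all-off case is a single integer read, which is the saving the abstract is after.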

Current problem:

When the system boots up, usually the trusted execution will be set to OFF, as shown...