The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC-7. Please select from the drop-down menu to the right to see the schedule in your preferred timezone above "Filter by Date."
Back To Schedule
Wednesday, September 29 • 2:45pm - 3:30pm
(VIRTUAL) Device Mapper Target Measurements for Remote Attestation using IMA - Tushar Sugandhi, Microsoft Corp & Alasdair G Kergon, Red Hat

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
For a given system, various external services/infrastructure tools interact with it (during setup and system run-time.) They share sensitive data/execute critical workload on that system. The external services may want to verify the current run-time state of the kernel subsystems before fully trusting the system with business-critical data/workload. Device mapper is one such subsystem that plays a critical role on a given system by providing various important functionalities to the block devices e.g. crypt, verity, integrity etc. The attributes chosen to configure these target types can significantly impact the security profile of the block device, and of the system itself. So, verifying the current state of various block devices and their target attributes is crucial for external services before fully trusting the system with business-critical data/workload. IMA provides the necessary functionality for device mapper to measure the state and configuration of various block devices. Our work includes using the IMA functionality to measure the device state and configuration changes and store those in IMA logs, so that it can be used by external services for managing the system.


Tushar Sugandhi

Senior Software Developer, Microsoft Corp
Tushar Sugandhi works as a Senior Software Development Engineer for Microsoft, and is located in Redmond WA. He has worked in areas Container Security, Hardware Based Isolation, System Integrity, Remote Attestation etc. Currently he is working in Linux Kernel Device Mapper space to... Read More →

Alasdair G Kergon

Member of the Kernel Storage Group at Red Hat., RedHat
Alasdair Kergon is a member of the kernel storage group at Red Hat. He is a maintainer of Device-Mapper framework provided by the Linux kernel for mapping physical block devices onto higher-level virtual block devices.

Wednesday September 29, 2021 2:45pm - 3:30pm PDT
Room 402 - Chiliwack