Re: [Linux-ima-user] How to read the xxxx_runtime_measurements

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello Reiner,

I am using trousers as well as trusted Java. I had problems to get the stand
alone Java TSS running so I use the wrapper to use Java with trousers. That
works quite OK. It seems to be very slow, but so far that's the only problem
I encountered.

On 7/30/07, Reiner Sailer <sa...@us...> wrote:
>
> Hi Saurabh,
>
> I assume Java has problems reading the sysfs pseudo-device file. I
> experienced similar problems when trying 'scp' (secure copy from remote).
>
> Till shows a simple workaround that work fine.

I think it was me who had the question and Saurabh who had the solution :)

Another solution could be using the TrouSerS open-source software stack
> (http://trousers.sourceforge.net/).  To my knowledge you can get both the
> TPM and the IMA measurements through TrouSerS.

I didn't know that. But maybe I will look into that. Even though I must say
I am running out of time at the moment :)

Another team in Europe
> developed a java wrapper for the TrouSerS c-library at
> http://trustedjava.sourceforge.net (I did not try it yet). This team also
> shows a full stand-alone java TSS stack on their web site but I do not
> know if this TSS supports IMA measurements.
>
> If you install a TSS stack, it helps you to get other services from the
> TPM as well, such as quotes.

I do my quote via trustedJava with trousers. It seems to work. The only
problem I have is, that I do not have any of the credentials, so I have to
cheat a bit at that point.

Reiner
> __________________________________________________________
> Reiner Sailer, Research Staff Member, Secure Systems Department
> IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
> Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sa...@us...
> http://www.research.ibm.com/people/s/sailer
>
>
>
> "Saurabh Arora" <tan...@gm...>
> Sent by: lin...@li...
> 07/30/2007 08:17 AM
> Please respond to
> sau...@ie...
>
>
> To
> ti...@on...
> cc
> lin...@li...
> Subject
> Re: [Linux-ima-user] How to read the xxxx_runtime_measurements
>
>
>
>
>
>
> Hello Till
>
> On 7/30/07, Till Bentz <ti...@on...> wrote:
> > Hello,
> >
> > I was wondering if someone could help me with figuring out how to read
> the
> > xxxx_runtime measurements from inside a Java program. I implemented a
> Java
> > tool, that does the TPM quote. Now I want to read the measurements done
> by
> > IMA but I somehow can't read the file. I think a problem might be that
> the
> > file has a size of 0 and therefore is not readable with Java (?)
>
> to do the same, I used linux command line inside my java program, like
> this :
> ------------
> String[] cmdArray = {"cp",
> "/sys/kernel/security/ima/ascii_runtime_measurements",
> "/root/iml.txt"};
> Runtime.getRuntime().exec(cmdArray);
> ------------
>
> and then use the iml txt file as you wish to.
>
> HTH
>
> best
> Saurabh
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Linux-ima-user mailing list
> Lin...@li...
> https://lists.sourceforge.net/lists/listinfo/linux-ima-user
>
>
>

-- 
MfG
  Till

**********************************************
      Der Benutzer ist eine nicht zu
  tolerierende Quelle der Unsicherheit
**********************************************