IBM 10 SP1 EAL4 Manuale Utente
5.4.3.4.1.8 Cryptographic subsystem
IPSec uses the cryptographic subsystem described in this section. The cryptographic subsystem performs
several cryptographic-related assignments, including Digital Signature Algorithm (DSA) signature
verification, in-kernel key management, arbitrary-precision integer arithmetic, and verification of kernel
modules signatures.
This subsystem was initially designed as a general-purpose mechanism, preserving the design ideas of
simplicity and flexibility, including security-relevant network and file system services such as encrypted files
and file systems, network file system security, strong file system integrity, and other kernel networking
services where cryptography was required.
The ability to enforce cryptographic signatures on loadable modules has a couple of security uses:
several cryptographic-related assignments, including Digital Signature Algorithm (DSA) signature
verification, in-kernel key management, arbitrary-precision integer arithmetic, and verification of kernel
modules signatures.
This subsystem was initially designed as a general-purpose mechanism, preserving the design ideas of
simplicity and flexibility, including security-relevant network and file system services such as encrypted files
and file systems, network file system security, strong file system integrity, and other kernel networking
services where cryptography was required.
The ability to enforce cryptographic signatures on loadable modules has a couple of security uses:
•
It prevents the kernel from loading corrupted modules
•
It makes it difficult for an attacker to install a rootkit on a system
The kernel can be configured for checking or not checking the signatures of modules, so these signatures are
only useful once the system is able to check it. For a signature to be checked and the new module accepted, it
is first necessary that the kernel decrypt the signature with a public key. This public key is contained within
the kernel, and the key must also to have the same checksum.
The in-kernel key management service allows cryptographic keys, authentication tokens, cross-domain user
mappings, and other related security information to be cached in the kernel for the file systems to use other
kernel services.
A special kind of key, called a keyring, which contains a list of keys and support links to others keys, is also
permitted. The keys represent cryptographic data, authentication tokens, keyrings, and similar information.
The in-kernel key management service possesses two special types of keys: the above-mentioned keyring, and
the user key. Userspace programs can directly create and manipulate keys and keyrings through a system call
interface, using three new system calls: add_key(), request_key(), and keyctl(). Services can
only useful once the system is able to check it. For a signature to be checked and the new module accepted, it
is first necessary that the kernel decrypt the signature with a public key. This public key is contained within
the kernel, and the key must also to have the same checksum.
The in-kernel key management service allows cryptographic keys, authentication tokens, cross-domain user
mappings, and other related security information to be cached in the kernel for the file systems to use other
kernel services.
A special kind of key, called a keyring, which contains a list of keys and support links to others keys, is also
permitted. The keys represent cryptographic data, authentication tokens, keyrings, and similar information.
The in-kernel key management service possesses two special types of keys: the above-mentioned keyring, and
the user key. Userspace programs can directly create and manipulate keys and keyrings through a system call
interface, using three new system calls: add_key(), request_key(), and keyctl(). Services can
register types and search for keys through a kernel interface. There also exists an optional file system in which
the key database can be manipulated and viewed.
For manipulating the key attributes and permissions it is necessary to be the key owner or to have
administrative privileges.
the key database can be manipulated and viewed.
For manipulating the key attributes and permissions it is necessary to be the key owner or to have
administrative privileges.
5.4.4 Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP) is an extension to IP that provides a messaging service. The
purpose of these control messages is to provide feedback about problems in the communication environment.
ICMP messages are sent in following situations:
purpose of these control messages is to provide feedback about problems in the communication environment.
ICMP messages are sent in following situations:
•
When a datagram cannot reach its destination.
•
When the gateway does not have the buffering capacity to forward a datagram.
•
When the gateway can direct the host to send traffic on a shorter route.
For more information about the ICMP, refer to RFC 792.
5.4.4.1 Link layer protocols
The Address Resolution Protocol (ARP) is the link layer protocol that is supported on the SLES system.
78