tech-embed archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: LKM



Pål Halvorsen wrote:

> Hi!
>
> Is there any mechanisms that verify that the code in "loadable kernel
> modules" is safe and does not perform operations compromising system
> integrity?

Yes, but none of these are available in NetBSD (or any other wide spread
OS, AFAIK).  One such technique is called proof carrying code.  Each piece
of code loaded into the kernel is accompanied by a (formal) proof that it
does no damage.  Before loading the code the proof+code is run through
a proof checker.

    -- Lennart





Home | Main Index | Thread Index | Old Index