Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-docs:master commit in: html/integrity/
Date: Mon, 30 Jul 2012 19:24:27
Message-Id: 1343676211.7dd55a565f006fb64d8040395ea4ba408e13c9a3.SwifT@gentoo
1 commit: 7dd55a565f006fb64d8040395ea4ba408e13c9a3
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Mon Jul 30 19:23:31 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Mon Jul 30 19:23:31 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=7dd55a56
7
8 Add in previous on integrity concepts
9
10 ---
11 html/integrity/concepts.html | 463 ++++++++++++++++++++++++++++++++++++++++++
12 1 files changed, 463 insertions(+), 0 deletions(-)
13
14 diff --git a/html/integrity/concepts.html b/html/integrity/concepts.html
15 new file mode 100644
16 index 0000000..22b50d9
17 --- /dev/null
18 +++ b/html/integrity/concepts.html
19 @@ -0,0 +1,463 @@
20 +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
21 +<html lang="en">
22 +<head>
23 +<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
24 +<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
25 +<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
26 +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
27 +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
28 +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
29 +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
30 +<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
31 +<title>Gentoo Linux Documentation
32 +--
33 + Integrity - Introduction and Concepts</title>
34 +</head>
35 +<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
36 +<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
37 +<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
38 +<td width="99%" class="content" valign="top" align="left">
39 +<br><h1>Integrity - Introduction and Concepts</h1>
40 +<form name="contents" action="http://www.gentoo.org">
41 +<b>Content</b>:
42 + <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. It is about trust</option>
43 +<option value="#doc_chap2">2. Hash results</option>
44 +<option value="#doc_chap3">3. Hash-based Message Authentication Codes</option>
45 +<option value="#doc_chap4">4. Using private/public key cryptography</option>
46 +<option value="#doc_chap5">5. Trust chain</option>
47 +<option value="#doc_chap6">6. An implementation: the Trusted Computing Group functionality</option></select>
48 +</form>
49 +<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
50 + </span>It is about trust</p>
51 +<p class="secthead"><a name="doc_chap1_sect1">Introduction</a></p>
52 +<p>
53 +Integrity is about trusting components within your environment, and in our case
54 +the workstations, servers and machines you work on. You definitely want to be
55 +certain that the workstation you type your credentials on to log on to the
56 +infrastructure is not compromised in any way. This "trust" in your environment
57 +is a combination of various factors: physical security, system security patching
58 +process, secure configuration, access controls and more.
59 +</p>
60 +<p>
61 +Integrity plays a role in this security field: it tries to ensure that the
62 +systems have not been tampered with by malicious people or organizations. And
63 +this tamperproof-ness extends to a wide range of components that need to be
64 +validated. You probably want to be certain that the binaries that are ran (and
65 +libraries that are loaded) are those you built yourself (in case of Gentoo) or
66 +were provided to you by someone (or something) you trust. And that the Linux
67 +kernel you booted (and the modules that are loaded) are those you made, and not
68 +someone else.
69 +</p>
70 +<p>
71 +Most people trust themselves and look at integrity as if it needs to prove that
72 +things are still as you've built them. But to support this claim, the systems you
73 +use to ensure integrity need to be trusted too: you want to make sure that
74 +whatever system is in place to offer you the final yes/no on the integrity only
75 +uses trusted information (did it really validate the binary) and services (is it
76 +not running on a compromised system). To support these claims, many ideas,
77 +technologies, processes and algorithms have passed the review.
78 +</p>
79 +<p>
80 +In this document, we will talk about a few of those, and how they play in the
81 +Gentoo Hardened Integrity subprojects' vision and roadmap.
82 +</p>
83 +<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
84 + </span>Hash results</p>
85 +<p class="secthead"><a name="doc_chap2_sect1">Algorithmically validating a file's content</a></p>
86 +<p>
87 +Hashes are a primary method for validating if a file (or other resource) has
88 +not been changed since it was first inspected. A hash is the result of a
89 +mathematical calculation on the content of a file (most often a number or
90 +ordered set of numbers), and exhibits the following properties:
91 +</p>
92 +<ul>
93 + <li>
94 + The resulting number is represented in a <span class="emphasis">small (often fixed-size) length</span>.
95 + This is necessary to allow fast verification if two hash values are the same
96 + or not, but also to allow storing the value in a secure location (which is,
97 + more than often, much more restricted in space).
98 + </li>
99 + <li>
100 + The hash function always <span class="emphasis">returns the same hash</span> (output) when the file it
101 + inspects has not been changed (input). Otherwise it'll be impossible to
102 + ensure that the file content hasn't changed.
103 + </li>
104 + <li>
105 + The hash function is fast to run (the calculation of a hash result does not
106 + take up too much time or even resources). Without this property, it would
107 + take too long to generate and even validate hash results, leading to users
108 + being malcontent (and more likely to disable the validation alltogether).
109 + </li>
110 + <li>
111 + The hash result <span class="emphasis">cannot be used to reconstruct</span> the file. Although this is
112 + often seen as a result of the first property (small length), it is important
113 + because hash results are often also seen as a "public validation" of data
114 + that is otherwise private in nature. In other words, many processes relie on
115 + the inability of users (or hackers) to reverse-engineer information based on
116 + its hash result. A good example are passwords and password databases, which
117 + <span class="emphasis">should</span> store hashes of the passwords, not the passwords themselves.
118 + </li>
119 + <li>
120 + Given a hash result, it is near impossible to find another file with the
121 + same hash result (or to create such a file yourself). Since the hash result
122 + is limited in space, there are many inputs that will map onto the same
123 + hash result. The power of a good hash function is that it is not feasible to
124 + find them (or calculate them) except by brute force. When such a match is
125 + found, it is called a <span class="emphasis">collision</span>.
126 + </li>
127 +</ul>
128 +<p>
129 +Compared with checksums, hashes try to be more cryptographically secure (and as
130 +such more effort is made in the last property to make sure collisions are very
131 +hard to obtain). Some even try to generate hash results in a way that the
132 +duration to calculate hashes cannot be used to obtain information from the data
133 +(such as if it contains more 0s than 1s, etc.)
134 +</p>
135 +<p class="secthead"><a name="doc_chap2_sect2">Hashes in integrity validation</a></p>
136 +<p>
137 +Integrity validation services are often based on hash generation and validation.
138 +Tools such as <a href="http://www.tripwire.org/">tripwire</a> or <a href="http://aide.sourceforge.net/">AIDE</a> generate hashes of files and
139 +directories on your systems and then ask you to store them safely. When you want
140 +the integrity of your systems checked, you provide this information to the
141 +program (most likely in a read-only manner since you don't want this list to
142 +be modified while validating) which then recalculates the hashes of the files
143 +and compares them with the given list. Any changes in files are detected and can
144 +be reported to you (or the administrator).
145 +</p>
146 +<p>
147 +A popular hash functions is SHA-1 (which you can generate and validate using the
148 +<span class="code" dir="ltr">sha1sum</span> command) which gained momentum after MD5 (using <span class="code" dir="ltr">md5sum</span>)
149 +was found to be less secure (nowadays collisions in MD5 are easy to generate).
150 +SHA-2 also exists (but is less popular than SHA-1) and can be played with using
151 +the commands <span class="code" dir="ltr">sha224sum</span>, <span class="code" dir="ltr">sha256sum</span>, <span class="code" dir="ltr">sha384sum</span> and
152 +<span class="code" dir="ltr">sha512sum</span>.
153 +</p>
154 +<a name="doc_chap2_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
155 +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.1: Generating the SHA-1 sum of a file</p></td></tr>
156 +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
157 +~$ <span class="code-input">sha1sum ~/Downloads/pastie-4301043.rb</span>
158 +6b9b4e0946044ec752992c2afffa7be103c2e748 /home/swift/Downloads/pastie-4301043.rb
159 +</pre></td></tr>
160 +</table>
161 +<p class="secthead"><a name="doc_chap2_sect3">Hashes are a means, not a solution</a></p>
162 +<p>
163 +Hashes, in the field of integrity validation, are a means to compare data and
164 +integrity in a relatively fast way. However, by itself hashes cannot be used to
165 +provide integrity assurance towards the administrator. Take the use of
166 +<span class="code" dir="ltr">sha1sum</span> by itself for instance.
167 +</p>
168 +<p>
169 +You are not guaranteed that the <span class="code" dir="ltr">sha1sum</span> application behaves correctly
170 +(and as such has or hasn't been tampered with). You can't use <span class="code" dir="ltr">sha1sum</span>
171 +against itself since malicious modifications of the command can easily just
172 +return (print out) the expected SHA-1 sum rather than the real one. A way to
173 +thwart this is to provide the binary together with the hash values on read-only
174 +media.
175 +</p>
176 +<p>
177 +But then you're still not certain that it is that application that is executed:
178 +a modified system might have you think it is executing that application, but
179 +instead is using a different application. To provide this level of trust, you
180 +need to get insurance from a higher-positioned, trusted service that the right
181 +application is being ran. Running with a trusted kernel helps here (but might
182 +not provide 100% closure on it) but you most likely need assistance from the
183 +hardware (we will talk about the Trusted Platform Module later).
184 +</p>
185 +<p>
186 +Likewise, you are not guaranteed that it is still your file with hash results
187 +that is being used to verify the integrity of a file. Another file (with
188 +modified content) may be bind-mounted on top of it. To support integrity
189 +validation with a trusted information source, some solutions use HMAC digests
190 +instead of plain hashes.
191 +</p>
192 +<p>
193 +Finally, checksums should not only be taken on file level, but also its
194 +attributes (which are often used to provide access controls or even toggle
195 +particular security measures on/off on a file, such as is the case with PaX
196 +markings), directories (holding information about directory updates such
197 +as file adds or removals) and privileges. These are things that a program like
198 +<span class="code" dir="ltr">sha1sum</span> doesn't offer (but tools like AIDE do).
199 +</p>
200 +<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
201 + </span>Hash-based Message Authentication Codes</p>
202 +<p class="secthead"><a name="doc_chap3_sect1">Trusting the hash result</a></p>
203 +<p>
204 +In order to trust a hash result, some solutions use HMAC digests instead. An
205 +HMAC digest combines a regular hash function (and its properties) with a
206 +a secret cryptographic key. As such, the function generates the hash of the
207 +content of a file together with the secret cryptographic key. This not only
208 +provides integrity validation of the file, but also a signature telling the
209 +verification tool that the hash was made by a trusted application (one that
210 +knows the cryptographic key) in the past and has not been tampered with.
211 +</p>
212 +<p>
213 +By using HMAC digests, malicious users will find it more difficult to modify
214 +code and then present a "fake" hash results file since the user cannot reproduce
215 +the secret cryptographic key that needs to be added to generate this new hash
216 +result. When you see terms like <span class="emphasis">HMAC-SHA1</span> it means that a SHA-1 hash
217 +result is used together with a cryptographic key.
218 +</p>
219 +<p class="secthead"><a name="doc_chap3_sect2">Managing the keys</a></p>
220 +<p>
221 +Using keys to "protect" the hash results introduces another level of complexity:
222 +how do you properly, securely store the keys and access them only when needed?
223 +You cannot just embed the key in the hash list (since a tampered system might
224 +read it out when you are verifying the system, generate its own results file and
225 +have you check against that instead). Likewise you can't just embed the key in
226 +the application itself, because a tampered system might just read out the
227 +application binary to find the key (and once compromised, you might need to
228 +rebuild the application completely with a new key).
229 +</p>
230 +<p>
231 +You might be tempted to just provide the key as a command-line argument, but
232 +then again you are not certain that a malicious user is idling on your system,
233 +waiting to capture this valuable information from the output of <span class="code" dir="ltr">ps</span>, etc.
234 +</p>
235 +<p>
236 +Again rises the need to trust a higher-level component. When you trust the
237 +kernel, you might be able to use the kernel key ring for this.
238 +</p>
239 +<p class="chaphead"><a name="doc_chap4"></a><span class="chapnum">4.
240 + </span>Using private/public key cryptography</p>
241 +<p class="secthead"><a name="doc_chap4_sect1">Validating integrity using public keys</a></p>
242 +<p>
243 +One way to work around the vulnerability of having the malicious user getting
244 +hold of the secret key is to not rely on the key for the authentication of the
245 +hash result in the first place when verifying the integrity of the system. This
246 +can be accomplised if you, instead of using just an HMAC, you also encrypt HMAC
247 +digest with a private key.
248 +</p>
249 +<p>
250 +During validation of the hashes, you decrypt the HMAC with the public key (not
251 +the private key) and use this to generate the HMAC digests again to validate.
252 +</p>
253 +<p>
254 +In this approach, an attacker cannot forge a fake HMAC since forgery requires
255 +access to the private key, and the private key is never used on the system to
256 +validate signatures. And as long as no collisions occur, he also cannot reuse
257 +the encrypted HMAC values (which you could consider to be a replay attack).
258 +</p>
259 +<p class="secthead"><a name="doc_chap4_sect2">Ensuring the key integrity</a></p>
260 +<p>
261 +Of course, this still requires that the public key is not modifyable by a
262 +tampered system: a fake list of hash results can be made using a different
263 +private key, and the moment the tool wants to decrypt the encrypted values, the
264 +tampered system replaces the public key with its own public key, and the system
265 +is again vulnerable.
266 +</p>
267 +<p class="chaphead"><a name="doc_chap5"></a><span class="chapnum">5.
268 + </span>Trust chain</p>
269 +<p class="secthead"><a name="doc_chap5_sect1">Handing over trust</a></p>
270 +<p>
271 +As you've noticed from the methods and services above, you always need to have
272 +something you trust and that you can build on. If you trust nothing, you can't
273 +validate anything since nothing can be trusted to return a valid response. And
274 +to trust something means you also want to have confidence that that system
275 +itself uses trusted resources.
276 +</p>
277 +<p>
278 +For many users, the hardware level is something they trust. After all, as long
279 +as no burglar has come in the house and tampered with the hardware itself, it is
280 +reasonable to expect that the hardware is still the same. In effect, the users
281 +trust that the physical protection of their house is sufficient for them.
282 +</p>
283 +<p>
284 +For companies, the physical protection of the working environment is not
285 +sufficient for ultimate trust. They want to make sure that the hardware is not
286 +tampered with (or different hardware is suddenly used), specifically when that
287 +company uses laptops instead of (less portable) workstations.
288 +</p>
289 +<p>
290 +The more you don't trust, the more things you need to take care of in order to
291 +be confident that the system is not tampered with. In the Gentoo Hardened
292 +Integrity subproject we will use the following "order" of resources:
293 +</p>
294 +<ul>
295 + <li>
296 + <span class="emphasis">System root-owned files and root-running processes</span>. In most cases
297 + and most households, properly configured and protected systems will trust
298 + root-owned files and processes. Any request for integrity validation of
299 + the system is usually applied against user-provided files (no-one tampered
300 + with the user account or specific user files) and not against the system
301 + itself.
302 + </li>
303 + <li>
304 + <span class="emphasis">Operating system kernel</span> (in our case the Linux kernel). Although some
305 + precautions need to be taken, a properly configured and protected kernel can
306 + provide a higher trust level. Integrity validation on kernel level can offer
307 + a higher trust in the systems' integrity, although you must be aware that
308 + most kernels still reside on the system itself.
309 + </li>
310 + <li>
311 + <span class="emphasis">Live environments</span>. A bootable (preferably) read-only medium can be
312 + used to boot up a validation environment that scans and verifies the
313 + integrity of the system-under-investigation. In this case, even tampered
314 + kernel boot images can be detected, and by taking proper precautions when
315 + running the validation (such as ensuring no network access is enabled from
316 + the boot up until the final compliance check has occurred) you can make
317 + yourself confident of the state of the entire system.
318 + </li>
319 + <li>
320 + <span class="emphasis">Hypervisor level</span>. Hypervisors are by many organizations seen as
321 + trusted resources (the isolation of a virtual environment is hard to break
322 + out of). Integrity validation on the hypervisor level can therefor provide
323 + confidence, especially when "chaining trusts": the hypervisor first
324 + validates the kernel to boot, and then boots this (now trusted) kernel which
325 + loads up the rest of the system.
326 + </li>
327 + <li>
328 + <span class="emphasis">Hardware level</span>. Whereas hypervisors are still "just software", you
329 + can lift up trust up to the hardware level and use the hardware-offered
330 + integrity features to provide you with confidence that the system you are
331 + about to boot has not been tampered with.
332 + </li>
333 +</ul>
334 +<p>
335 +In the Gentoo Hardened Integrity subproject, we aim to eventually support all
336 +these levels (and perhaps more) to provide you as a user the tools and methods
337 +you need to validate the integrity of your system, up to the point that you
338 +trust. The less you trust, the more complex a trust chain might become to
339 +validate (and manage), but we will not limit our research and support to a
340 +single technology (or chain of technologies).
341 +</p>
342 +<p>
343 +Chaining trust is an important aspect to keep things from becoming too complex
344 +and unmanageable. It also allows users to just "drop in" at the level of trust
345 +they feel is sufficient, rather than requiring technologies for higher levels.
346 +</p>
347 +<p>
348 +For instance:
349 +</p>
350 +<ul>
351 + <li>
352 + A hardware component that you trust (like a <span class="emphasis">Trusted Platform Module</span>
353 + or a specific BIOS-supported functionality) verifies the integrity of the
354 + boot regions on your disk. When ok, it passes control over to the
355 + bootloader.
356 + </li>
357 + <li>
358 + The bootloader now validates the integrity of its configuration and of the
359 + files (kernel and initramfs) it is told to boot up. If it checks out, it
360 + boots the kernel and hands over control to this kernel.
361 + </li>
362 + <li>
363 + The kernel, together with the initial ram file system, verifies the
364 + integrity of the system components (and for instance SELinux policy) before
365 + the initial ram system changes to the real system and boots up the
366 + (verified) init system.
367 + </li>
368 + <li>
369 + The (root-running) init system validates the integrity of the services it
370 + wants to start before handing over control of the system to the user.
371 + </li>
372 +</ul>
373 +<p>
374 +An even longer chain can be seen with hypervisors:
375 +</p>
376 +<ul>
377 + <li>
378 + Hardware validates boot loader
379 + </li>
380 + <li>
381 + Boot loader validates hypervisor kernel and system
382 + </li>
383 + <li>
384 + Hypervisor validates kernel(s) of the images (or the entire images)
385 + </li>
386 + <li>
387 + Hypervisor-managed virtual environment starts the image
388 + </li>
389 + <li>
390 + ...
391 + </li>
392 +</ul>
393 +<p class="secthead"><a name="doc_chap5_sect2">Integrity on serviced platforms</a></p>
394 +<p>
395 +Sometimes you cannot trust higher positioned components, but still want to be
396 +assured that your service is not tampered with. An example would be when you are
397 +hosting a system in a remote, non-accessible data center or when you manage an
398 +image hosted by a virtualized hosting provider (I don't want to say "cloud"
399 +here, but it fits).
400 +</p>
401 +<p>
402 +In these cases, you want a level of assurance that your own image has not been
403 +tampered with while being offline (you can imagine manipulating the guest image,
404 +injecting trojans or other backdoors, and then booting the image) or even while
405 +running the system. Instead of trusting the higher components, you try to deal
406 +with a level of distrust that you want to manage.
407 +</p>
408 +<p>
409 +Providing you with some confidence at this level too is our goal within the
410 +Gentoo Hardened Integrity subproject.
411 +</p>
412 +<p class="secthead"><a name="doc_chap5_sect3">From measurement to protection</a></p>
413 +<p>
414 +When dealing with integrity (and trust chains), the idea behind the top-down
415 +trust chain is that higher level components first measure the integrity of the
416 +next component, validate (and take appropriate action) and then hand over
417 +control to this component. This is what we call <span class="emphasis">protection</span> or
418 +<span class="emphasis">integrity enforcement</span> of resources.
419 +</p>
420 +<p>
421 +If the system cannot validate the integrity, or the system is too volatile to
422 +enforce this integrity from a higher level, it is necessary to provide a trusted
423 +method for other services to validate the integrity. In this case, the system
424 +<span class="emphasis">attests</span> the state of the underlying component(s) towards a third party
425 +service, which <span class="emphasis">appraises</span> this state against a known "good" value.
426 +</p>
427 +<p>
428 +In the case of our HMAC-based checks, there is no enforcement of integrity of
429 +the files, but the tool itself attests the state of the resources by generating
430 +new HMAC digests and validating (appraising) it against the list of HMAC digests
431 +it took before.
432 +</p>
433 +<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
434 + </span>An implementation: the Trusted Computing Group functionality</p>
435 +<p class="secthead"><a name="doc_chap6_sect1">Trusted Platform Module</a></p>
436 +<br><p class="copyright">
437 + The contents of this document, unless otherwise expressly stated, are
438 + licensed under the <a href="http://creativecommons.org/licenses/by-sa/3.0">CC-BY-SA-3.0</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
439 + </p>
440 +<!--
441 + <rdf:RDF xmlns="http://web.resource.org/cc/"
442 + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
443 +
444 + <License rdf:about="http://creativecommons.org/licenses/by-sa/3.0/">
445 +
446 + <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
447 + <permits rdf:resource="http://web.resource.org/cc/Distribution" />
448 + <requires rdf:resource="http://web.resource.org/cc/Notice" />
449 + <requires rdf:resource="http://web.resource.org/cc/Attribution" />
450 + <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
451 + <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
452 + </License>
453 + </rdf:RDF>
454 +--><br>
455 +</td>
456 +<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
457 +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="swift?style=printable">Print</a></p></td></tr>
458 +<tr><td class="topsep" align="center"><p class="alttext">Page updated July 30, 2012</p></td></tr>
459 +<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
460 +Integrity validation is a wide field in which many technologies play a role.
461 +This guide aims to offer a high-level view on what integrity validation is all
462 +about and how the various technologies work together to achieve a (hopefully)
463 +more secure environment to work in.
464 +</p></td></tr>
465 +<tr><td align="left" class="topsep"><p class="alttext">
466 + <a href="mailto:swift@g.o" class="altlink"><b>Sven Vermeulen</b></a>
467 +<br><i>Author</i><br></p></td></tr>
468 +<tr lang="en"><td align="center" class="topsep">
469 +<p class="alttext"><b>Donate</b> to support our development efforts.
470 + </p>
471 +<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
472 +<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@g.o"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
473 +</form>
474 +</td></tr>
475 +<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
476 +</table></td>
477 +</tr></table></td></tr>
478 +<tr><td colspan="2" align="right" class="infohead">
479 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
480 +</td></tr>
481 +</table></body>
482 +</html>
Report Message
Find on MARC Find on Google Groups