Microsoft introduces a module for the Linux kernel to verify system integrity

Microsoft developers recently published information about the introduction of IPE (Integrity Policy Enforcement), a mechanism implemented as an LSM (Linux Security Module) for the Linux kernel.

The module lets you define a general integrity policy for the whole system, stating which operations are permitted and how the authenticity of components is to be verified. With IPE, you can specify which executable files may run and ensure that those files are identical to the version provided by a trusted source. The code is released under the MIT license.

The Linux kernel supports several LSMs, with SELinux (Security-Enhanced Linux) and AppArmor among the best known. Microsoft contributes to Linux as a technical foundation for various initiatives, and it has named this new project IPE (Integrity Policy Enforcement).

It is designed to strengthen code integrity for the Linux kernel, to ensure that "all code that runs (or files that are read) is identical to the version built by a trusted source," Microsoft says on GitHub.

IPE aims to create a fully verified system whose integrity is checked from the bootloader and kernel through to the final executable files, configuration and downloads.

If a file is modified or replaced, IPE can block the operation or log the integrity violation. The proposed mechanism can be used in firmware for embedded devices, where all software and settings are built and supplied specifically by the owner. For example, in Microsoft data centers IPE is used in firewall equipment.

Although the Linux kernel already has some modules for integrity verification, such as IMA, IPE specifically provides verification of binary code. Microsoft says IPE differs in several ways from other LSMs that provide integrity verification.

IPE also supports success auditing. When enabled, every event that passes IPE policy and is not blocked emits an audit event.

This new module introduced by Microsoft is not the same as other integrity verification systems, such as IMA. What is interesting about IPE is that it differs in several respects: it is independent of metadata in the file system, and all the properties that determine whether an operation is valid are held directly in the kernel.

For example, IPE does not depend on file system metadata for the attributes that it verifies. Likewise, IPE does not implement a file verification mechanism of its own along the lines of IMA signatures, because the Linux kernel already has facilities for that, such as dm-verity.

That is, to verify the integrity of file contents using cryptographic hashes, it relies on the dm-verity or fs-verity mechanisms that already exist in the kernel.

By analogy with SELinux, two modes of operation are available: permissive and enforcing. In the first mode, problems found during checks are only logged, which can be used, for example, for initial testing of the environment.
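A minimal Python model of the decision flow described so far (block or log on a violation, permissive versus enforcing mode, optional success auditing), as an added example that is not IPE's code or policy syntax. The rule fields, property names and audit strings are hypothetical.

```python
# Illustrative model only: not IPE's code or policy syntax.
# Rule fields, property names and audit strings are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    op: str      # operation the rule applies to, e.g. "EXECUTE"
    prop: str    # kernel-derived property the file must have
    action: str  # "ALLOW" or "DENY"


# Constructed policy: run only files backed by a signed verity volume.
POLICY = [Rule("EXECUTE", "verity_signed", "ALLOW")]
DEFAULT_ACTION = "DENY"  # anything not explicitly allowed is a violation


def evaluate(op, props, *, enforce, success_audit=False):
    """Return (permitted, audit_events) for one access request.

    props is the set of properties the kernel itself established for
    the file (for example through dm-verity or fs-verity); nothing is
    read from file system metadata.
    """
    verdict = DEFAULT_ACTION
    for rule in POLICY:  # in this model the first matching rule wins
        if rule.op == op and rule.prop in props:
            verdict = rule.action
            break

    events = []
    if verdict == "DENY":
        events.append(f"integrity violation: op={op} enforce={enforce}")
        # Permissive mode records the violation but lets the access proceed.
        return (not enforce), events
    if success_audit:
        # Success auditing: allowed events are recorded as well.
        events.append(f"allowed: op={op}")
    return True, events
```
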

"Ideally, a system that uses IPE is not intended for general-purpose computing and does not use third-party software or configurations," the publisher says.

In addition, the LSM that Microsoft is developing is designed for specific cases, such as embedded systems, where security is the priority and system administrators are in full control.

System owners can create their own policies for integrity checks and use dm-verity signatures to verify code.

To conclude, the new project brings Linux a new security module that does what other measures cannot to protect the system from executing malicious code.

Finally, if you want more details about this new module presented by Microsoft's developers, you can check the details at the following link. You can review the source code of this module at the following link.


4 comments


  1.   Jose m

    Microsoft scares me ...

  2.   Robert m

    Microsoft wants to check the integrity of a Linux system? LOL. It must be a joke

  3.   Rafa m

    Linux does not need mirdosoft.

  4.   Supercriticon m

    All your work is very good and I don't look down on it; the Linux world doesn't close its doors to anyone and everything is welcome if you pull in the same direction. Buuuuuut I like to tinker with my own Linux, run tests, build my kernels, slim them down and look for improvements. And I am already thoroughly fed up with UEFI, having to get things set just right in the BIOS because of it, only to then put more crap into a system with clear source.
    If they loved Linux they would spend real money without always expecting not to lose, they would release their major user programs and get stuck into projects to push the industry forward, taking on open source leadership or dedicating resources to projects like Wayland, not a flirtation where there is always fine print for copying Linux features and doing it on the cheap. I don't believe in this fake love for Linux; I'm already tired of so many lies.