2009-04-08

[Repost] The Integrity Measurement Architecture

One of the many new features in the 2.6.11 kernel was a driver for "trusted platform module" (TPM) chips. This driver made the low-level capabilities of TPM chips available, but gave no indication of what sort of applications were envisioned for those capabilities. Reiner Sailer of IBM has now taken the next step with a set of patches implementing the "Integrity Measurement Architecture" (IMA) for Linux using TPM.
IMA is a remote attestation mechanism, designed to convince a remote party that a system is running (nothing but) a set of known and approved executables. It is set up as a security module and works by hooking the mmap() operation. Whenever a file is mapped with execute permission (which is what happens when a program is run or a shared library is loaded), the IMA hook first computes and records a SHA-1 hash of the file's contents. On request, the IMA module can produce the list of all programs run and their corresponding hash values. A (possibly remote) verifier can check this list against a database of known-good hashes to ensure that no unknown or known-vulnerable executables have been run.

If a hostile application has managed to take over the system, however, it will be in a position to tamper with the list kept by the IMA module, rendering that list useless. This is where the TPM chip comes in. The TPM contains a set of "platform configuration registers" (PCRs) which are accessible to the rest of the system only in very specific ways. The PCRs are reset to zero only when the system hardware itself is reset, and software cannot write a value into a PCR directly: the host can only "extend" a PCR, passing the TPM a value which the TPM hashes together with the PCR's current contents, storing the result as the new PCR value. A given sequence of values, extended into a PCR in a given order, always yields the same final value; extending the same values in a different order, or leaving one out, yields a different value. The TPM can report a PCR's value on request; it can also be made to sign ("quote") that value with a private key that never leaves its tamper-resistant packaging.

The IMA module works by extending each hash it computes into a PCR on the TPM chip. When it provides the list of executables and hash values, it can also obtain and hand over a signed PCR value from the TPM. A remote party can then replay the list through the same extend operation, compare the result with what the TPM signed, and so verify that the list is complete and unaltered. It is still possible for an intruder to edit the list, but the edited list will no longer reproduce the PCR value the TPM signed. It thus should be possible to remotely detect a compromised system, provided the verifier also checks the TPM's signature and supplies a fresh nonce for each quote, so that an old signed value cannot simply be replayed.
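The two paragraphs above describe the PCR extend operation and the verifier's replay of the measurement list against the quoted PCR value. The following Python is an added worked example of that verification logic; it is not code from the IMA patches or from LWN. It assumes the simplified scheme the article describes (each file hash is extended directly into one PCR; the real IMA extends a template hash and begins with a boot aggregate), uses constructed stand-in file contents and paths, and assumes the quote's signature has already been checked with the TPM's public key. Beyond the article's single scenario it also shows why an intruder cannot "launder" the list by deleting its own entry, and that the aggregate depends on measurement order.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

PCR_RESET = b"\x00" * 20  # a TPM 1.2 PCR is all zeros after a hardware reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || measurement).

    Chaining makes the final value depend on every measurement and on the
    order in which they were extended; nothing can be overwritten or removed.
    """
    return hashlib.sha1(pcr + measurement).digest()


def aggregate(measurements: Iterable[bytes]) -> bytes:
    """Replay a list of measurements into a fresh PCR and return its final value."""
    pcr = PCR_RESET
    for m in measurements:
        pcr = pcr_extend(pcr, m)
    return pcr


MeasurementList = List[Tuple[str, bytes]]  # (path, SHA-1 of file contents)


def verify_attestation(measurement_list: MeasurementList,
                       quoted_pcr: bytes,
                       approved: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Remote verifier: accept only if the list reproduces the quoted PCR value
    AND every measured file carries an approved hash.

    quoted_pcr is the PCR value taken from the TPM's signed quote; checking
    that signature (and the nonce) is assumed to have happened already.
    """
    problems: List[str] = []
    if aggregate(h for _, h in measurement_list) != quoted_pcr:
        problems.append("measurement list does not reproduce the quoted PCR value")
    for path, h in measurement_list:
        if approved.get(path) != h:
            problems.append(f"{path}: measurement not in approved set")
    return (not problems, problems)


# --- constructed sample data (hypothetical paths, fake file contents) ---------
def _file_hash(fake_contents: str) -> bytes:
    # Stand-in for hashing the real executable bytes.
    return hashlib.sha1(fake_contents.encode()).digest()


APPROVED: Dict[str, bytes] = {
    "/sbin/init": _file_hash("init v1"),
    "/lib/libc.so.6": _file_hash("libc 2.3"),
    "/bin/bash": _file_hash("bash 3.0"),
}

# What the kernel actually measured, in execution order, including an
# unapproved binary. The TPM saw every one of these extends.
MEASURED: MeasurementList = [
    ("/sbin/init", APPROVED["/sbin/init"]),
    ("/lib/libc.so.6", APPROVED["/lib/libc.so.6"]),
    ("/bin/bash", APPROVED["/bin/bash"]),
    ("/tmp/rootkit", _file_hash("rootkit")),
]
QUOTED_PCR = aggregate(h for _, h in MEASURED)  # the value the TPM would sign


def honest_report() -> Tuple[bool, List[str]]:
    """Unmodified list: the aggregate matches, so the unapproved binary is exposed."""
    return verify_attestation(MEASURED, QUOTED_PCR, APPROVED)


def laundered_report() -> Tuple[bool, List[str]]:
    """Intruder deletes its own entry: every remaining entry is approved, but
    the replayed aggregate no longer matches what the TPM signed."""
    laundered = [m for m in MEASURED if m[0] != "/tmp/rootkit"]
    return verify_attestation(laundered, QUOTED_PCR, APPROVED)


def clean_system_report() -> Tuple[bool, List[str]]:
    """A machine that only ever ran approved code passes both checks."""
    clean = MEASURED[:3]
    return verify_attestation(clean, aggregate(h for _, h in clean), APPROVED)


if __name__ == "__main__":
    for name, fn in [("honest", honest_report), ("laundered", laundered_report),
                     ("clean", clean_system_report)]:
        ok, problems = fn()
        print(f"{name}: {'PASS' if ok else 'FAIL'} {problems}")
```

Both checks are needed: the aggregate comparison proves the list is the one the TPM saw, and the approved-set lookup decides whether what it saw is acceptable. Neither alone is enough, which is why a list edited after the fact fails even when every entry it still contains looks clean.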

Of course, if an attacker can gain control of the kernel at boot time, before the IMA module has been initialized, the entire battle has been lost. The TPM designers have thought of this possibility, however: the firmware and boot loader can measure each stage of the boot (the kernel included) into PCRs before handing control to it, so a tampered boot path shows up in the PCR values, and secrets "sealed" to the expected values cannot be unsealed on a system that booted something else. Note that the TPM itself is passive: it records measurements and refuses to unseal, but whether the platform refuses outright to boot unapproved code is a matter of firmware and boot loader policy rather than of the chip alone.

There are numerous possible applications of this sort of capability. In a highly secured network, systems could refuse to talk to each other until each proves that it is running only approved software. Financial web sites could, if given access to this information, refuse access from systems running browsers with known security problems. The less flexible sort of Linux support provider could refuse to work on systems which have run programs which are not on The List Of Supported Applications. Corporate IT departments could get verifiable lists of which programs have run on each system. DRM-enabled software could refuse to unlock its valuable intellectual property if the system looks suspicious. And so on.

In the short term, however, this code looks like it will need some work before it will be considered seriously for inclusion. James Morris has questioned the security module implementation, arguing that this functionality should be implemented directly in the kernel. Loading the IMA module also makes it impossible to use any other security module (such as SELinux), which may not enhance the overall security of the system. And Greg Kroah-Hartman was unimpressed with the quality of the code in general:

Wow, for such a small file, every single function was incorrect. And you abused sysfs in a new and interesting way that I didn't think was even possible. I think this is two new records you have set here, congratulations.

The IMA authors have now gone off to rework things. At some point, however, it seems likely that this sort of functionality will be available in Linux. Whether it will then be used to increase or restrict the freedom of Linux users remains to be seen.
Source: http://lwn.net/Articles/137306/


2009-04-02

[Repost] How to Write a Good Study Reflection

"Survey a whole field, fix on one point, dig deep in one spot, draw out a spring." That is my sense of how to write a good study-reflection essay.
I taught Chinese at secondary school for several years. Guiding students in composition was an unavoidable part of that teaching, and guiding them in writing study reflections was naturally one of its important parts. Often, after finishing a text, one would ask the students to write down their thoughts on it; sometimes, tied to current affairs, after studying an article on political theory, the students were also asked to write a study reflection. Later I did office work in an administrative unit, where there were frequent central tasks: after studying important documents and important speeches by central leaders, we had to put up a publicity board and, as our superiors required, write up our study reflections. How many students I taught to write such things, and how many such pieces I wrote myself, I cannot count with any accuracy.
A study reflection is, naturally, written only after one has studied something and can set down what one has come to feel about it. In administrative work, the reflections one writes sometimes unavoidably carry political views suggested by the leadership, but the core must still be one's own thinking and understanding. From years of study and writing, I believe there are several points to watch when writing a study reflection. These are only my personal impressions; they are not necessarily correct, nor will they match everyone's views. The reason I have written them up and thought to post them online is to see whether they might offer a little reference of some small value to people who need to write study reflections, and a little help to those just beginning to write them. If they can do that, it is enough.
To write a good study reflection, I think the following points should be handled well:
First, survey a whole field. To write a study reflection, you must first study. Only study produces reflection, and what you study must be studied well. Only when you have studied it well will you feel the urge to write a reflection; sometimes the impression is so deep that you feel you cannot help but write something down. "Lead" refers to the main object of study, the central content that must be learned; "leading" means using the key material to lead the rest. Since there is something leading, there must be something following, hence "survey a field". When the urge to write arises, writing immediately will not necessarily produce good work. Sometimes you have the urge and the feeling, but when you actually pick up the pen you find you have nothing to say. Why? There are two reasons: first, the urge is still raw and hazy, and the thinking is not yet clear; second, you have not "surveyed the field", which confines the range of your thought and language. "Surveying a field" means studying a series of related materials around the "leading" content. Whether it is poetry, essays and novels, documents from above, or political theory articles, if you plan to write a study reflection you must first immerse yourself until you have thoroughly understood the central content, and then study or browse some supporting books and materials. That way, when you begin to write, you have a source to draw on and your language will not run dry.
Study is the premise; thinking is the key. Without thinking about what you have studied, you cannot write anything of value. Confucius said: "Learning without thought is labour lost; thought without learning is perilous." This shows that study and thought are tightly linked, and neither can be dispensed with. Only by thinking through, sorting and connecting what you have studied can you reach a clear understanding, form impressions, and express them.
Second, fix on one point. "Fix" means to aim at and grasp. "One point" means one particular viewpoint, one particular aspect. This tells us that the scope of a study reflection must be narrow, definitely narrow! Many centres means no centre; trying to cover everything means covering nothing well. One pair of hands can hold only one fish; grab too many and you hold none, and can describe none completely. If you study an article and feel you have impressions on many aspects, start from the one that struck you most deeply, write that up first, and then start afresh and write up the second; never pile them together and force one study reflection to exhaust every impression. If you try to cover everything you took from your study in a single reflection, what you write easily turns into a footnote or gloss on the article you studied, and others will hardly see it as your own reflection. Do not be dazzled by a floor full of jewels and try to scoop them all up at once. You can only pick them up one by one and pack them one by one; only then will they go into your bag in good order. This tells us a very plain truth: a study reflection must have a narrow scope; choose one thing and do that.
Third, dig deep in one spot. Once your language material is well prepared and your angle chosen, the next step is to link the related material around the angle you have chosen. Take the key material you studied as the centre and the series of materials you browsed as support. By analogy, it is like making a pearl necklace: at the top of the necklace is the largest pearl or gem, and around it are the other, smaller pearls. You must put this large pearl or gem in the most prominent position, then thread all the small pearls on one string into a chain set around it. "Digging deep in one spot" means digging deep in a single "hole", so that the central viewpoint you express has ample supporting material, so that your viewpoint does not stand isolated and helpless, and so that your study reflection is not dull and monotonous; in this way what you write becomes rich and substantial.
Fourth, draw out a spring. "Spring" is a metaphor, likening what is valuable to a "sweet spring". This is the foothold, or the starting point, and it is also the crux. What is the purpose of writing a study reflection, where does it land, and what value does it have? Is it merely to complete a task your leader gave you? If so, how much value can it have? A study reflection is written for others to read: it should let others learn from your reflection, agree with your learning, judge the depth of your grasp of what you studied, and offer them language to borrow and viewpoints that resonate. Letting others learn from the value of your reflection and impressions is the true meaning of writing one. "Drawing out a spring" means, on the basis of focused study and wide reading, and in the course of seizing one focal point and linking a string of materials, grasping what is most valuable in it. Once valuable viewpoints and materials are skilfully strung together into a beautiful pearl necklace, they naturally give people the enjoyment of beauty. The sweeter the "spring" you draw out, the better; that is, the more valuable the viewpoints you distil and the materials you use, the better!
"Survey a whole field" is the premise; "fix on one point" is the necessity; "dig deep in one spot" is the key; "draw out a spring" is the highlight.
These are, in my view, the four key elements of writing a good study reflection.
Source: http://blog.readnovel.com/blog/htm/do_showone/tid_759432.html


[Repost] How to Write a Good Speech

A speech script is hard to write well. Why? Because people demand so much of the speaker. It is not only the speaker's bearing that is required, but also focus in the content, concision in the language, and flavour in the tone.
To have the audience concentrate and listen to your whole speech with relish, not parroting like the short man at the back of the theatre who applauds when others do, but resonating from the heart, the script itself must be attractive. In my own practice of writing speeches I have had successes and failures. Some won unanimous approval and praise from the audience; some, while they drew no dislike, left the impression of being "nothing special"; some even bored people. I pay close attention to audience reactions and often collect feedback and compare and analyse it, in order to find the reasons and improve my writing. I have come to feel that the audience's impression is an invisible balance that can weigh a speech script precisely. When the impression is good, it is because the script has the necessary elements; when it is bad, it is because the script lacks something. What kind of speech script, then, is best? From my experience, it should show up well in the following respects.
First, the theme should be focused. A speech script must have a focused theme; this is the first requirement of a speech. With too many themes, the audience can hardly grasp the ideas and feelings you want to express. So one speech should express only one theme. If you want to express several, write several scripts and deliver them on several occasions; the effect will be far better. And this is true not only of speeches: in many situations of spoken expression it is best to treat one matter at a time and say one thing at a time. That way the viewpoint is distinct, the theme clear, and the audience receptive. So it is with a speech script: only by concentrating on one thing will the audience's thoughts not scatter, will they follow the ideas your speech expresses and be moved by them. That is why a focused theme comes first.
Second, it should be short and pithy. A speech script must avoid lengthy writing; what is most welcome is the short and pithy. Long, rambling writing that speaks in generalities sounds bland. Short and pithy, every word a gem, gives people something fresh. Although an ordinary speech should of course be tailored to its content, it must not drag on; finishing briskly in a few minutes is often far more effective than a long piece. So I hold that being short and pithy is a necessary element of a speech script.
Third, it should be witty and humorous. Given a focused theme and a short, pithy script, what is left to win the audience? This is a key question. I believe wit and humour in the language are decisive. A person's bearing certainly matters, but compared with language it comes second; the expression of language is most important. To win the audience through language, the key is wit and humour. Only witty, humorous language gives the audience the enjoyment of beauty. How to be witty and humorous? There is great learning in this. To write a high-quality speech script you need the requisite literary cultivation, and two aspects in particular demand attention. One is the technique of organising language: in a speech script, sentences should not be long; short sentences are best. The other is the apt use of rhetorical devices, which is really also a language technique. The language of a speech should be brief and forceful; it should win people with momentum and win them with humour. Using rhetoric appropriately is very important: parallelism adds momentum, and metaphor moves the heart. An apt metaphor gives people great room for imagination, easily prompts association, and easily draws them in.
Of course, there are many more ways to make language witty and humorous, and rhetoric has many aspects. Using colloquial sayings and proverbs is one way; quoting allusions ancient and modern, Chinese and foreign, is another good method. There are many more forms of expression that cannot all be covered here.
In sum, the three aspects above are very important to writing a good speech script; one could call them three necessary elements. Of course, this is only my own limited view. On any matter, the benevolent see benevolence and the wise see wisdom!
Source: http://blog.readnovel.com/blog/htm/do_showone/tid_759431.html
