|
5th Annual Linux Showcase & Conference — Abstract
Pp. 15-26 of the Proceedings
A Secure Linux Platform
Nigel Edwards, Joubert Berger, Tse Huong Choo, Hewlett-Packard
Abstract
This paper describes "HP Secure OS Software for
Linux" (HP-LX) Ð a version of Linux that
incorporates modifications into the kernel to improve
security. A common attack strategy is to exploit a
bug in a service causing it to execute code that
downloads additional executables, and overwrites
existing system executables and web pages. If the
attack is in the form of a "worm", it will then probe
the network looking for new targets.
This paper argues that incorporating additional
features into the underlying operating system best
resists such attacks. HP-LX has mechanisms that
contain a process within a known part of the system
and place severe limits on the damage that can be
caused by attacks. These mechanisms restrict
communication to constrain the ability to interfere
with and probe the network or other processes. They
protect the file system and can prevent even root
from overwriting files. In addition HP-LX has
extensive auditing mechanisms for detecting
compromised processes.
- View the full text of this paper in
HTML form and
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
