Security 2002 Paper   
Pp. 17-31 of the Proceedings
Linux Security Modules:
General Security Support for the Linux Kernel
Chris Wright and Crispin Cowan
WireX Communications, Inc.
chris@wirex.com, crispin@wirex.com
James Morris
Intercode Pty Ltd
jmorris@intercode.com.au
Stephen Smalley
NAI Labs, Network Associates, Inc.
sds@tislabs.com
Greg Kroah-Hartman
IBM Linux Technology Center
gregkh@us.ibm.com
Abstract:
The access control mechanisms of existing mainstream operating systems
are inadequate to provide strong system security. Enhanced access
control mechanisms have failed to win acceptance into mainstream
operating systems due in part to a lack of consensus within the
security community on the right solution. Since general-purpose
operating systems must satisfy a wide range of user requirements, any
access control mechanism integrated into such a system must be capable
of supporting many different access control models. The Linux
Security Modules (LSM) project has developed a lightweight,
general-purpose access control framework for the mainstream Linux
kernel that enables many different access control models to be
implemented as loadable kernel modules. A number of existing enhanced
access control implementations, including Linux capabilities,
Security-Enhanced Linux (SELinux), and Domain and Type Enforcement
(DTE), have already been adapted to use the LSM framework. This
paper presents the design and implementation of LSM and discusses the
challenges in providing a truly general solution that minimally impacts
the Linux kernel.
Chris Wright
2002-05-13