There are a wide variety of projects aimed at improving the security of Linux kernels using interposition and/or MAC. Examples include Generic Software Wrappers [10], the recent Linux port of Janus [12], Kernel Hypervisors [20], LIDS [28], Malcolm Beattie's MAC [4], Medusa DS9 [29], Pitbull LX [2], RSBAC [22], SAIC DTE [24], Security-Enhanced Linux [17], Immunix/Subdomain [7], VXE [14], and William&Mary DTE [13].
Different projects emphasize different goals. Table 3 compares these projects according to several criteria. The first two criteria deal with implementation: Those projects that modify the kernel source receive a mark in the patch column, those that use an LKM receive a mark in the module column. The last three criteria deal with features: Projects that seek to provide general support for kernel security extension through system call interposition receive a mark in the general wrappers column. Those that provide MAC functionality are marked in the access control column. Finally, those that provide or are bundled with other useful security functionality, such as intrusion detection, are marked in the intrusion detection column. The projects that have the most relevance to LOMAC's goal of encouraging adoption by decreasing the overall cost of use are the four that avoid modifying kernel source.
Of these projects, Generic Software Wrappers and Kernel Hypervisors seek to provide general support for kernel extensions. Conceivably, LOMAC could be implemented in the frameworks they provide. The remaining two, Pitbull LX and Janus, attempt only to implement a single form of MAC, as LOMAC does. Pitbull LX and Janus provide protection by confining potentially dangerous applications according to the principle of Least Privilege [25]. They lessen their impact on UNIX compatibility by confining only certain applications, rather than applying their controls to every process on the system.
Each of these four LKM-based approaches has the potential to provide a very small overall cost of use, particularly if they were distributed in a form that lessened administrative overhead and did not overly disrupt typical usage patterns,
In the wake of the 2001 Linux Kernel Summit, several organizations have begun efforts to improve the Linux kernel's support for security enhancements like LOMAC. The TrustedBSD project [27] is also developing similar improvements for the FreeBSD kernel. The aspect of these efforts that is most relevant to LOMAC is their plan to provide a new means of gaining supervisory control over kernel operations. The Linux efforts are concentrating on placing ``hooks'' at strategic points inside the kernel. These hooks will transfer control to security modules like LOMAC, allowing them to make access control decisions. It is reasonable to expect a future version of LOMAC based on these hooks to perform better than the present one; placing the hooks inside the kernel has the potential to eliminate the need for much of the operation-prediction and buffer-copying overhead imposed by interposition at the system call interface.
Fortunately, LOMAC's architecture has strong separation between the interposition-based interface and the rest of the LOMAC LKM. When such hooks become standard kernel features, this separation will allow LOMAC to discard its present interposition-based interface and make use of them.