There are two main problems in implementing kernel-resident MAC: gaining supervisory control over kernel operations, and mapping security attributes to files. There are a range of potential solutions to these problems, each embodying a different tradeoff between features such as generality and efficiency, and costs such as incompatibility with existing software and the need for configuration. LOMAC has chosen low cost solutions in both cases. LOMAC uses interposition at the kernel's system call interface [10,11,20] to gain supervisory control. LOMAC uses implicit attribute mapping [3] to map security attributes to files. These choices may not be as supportive of generality and efficiency as alternate approaches involving direct modifications of the kernel source. However, they allow LOMAC to operate on standard Linux kernels already deployed in the field - an essential part of LOMAC's approach to encouraging adoption.
Figure 2 shows the architecture of the LOMAC LKM. The diagram shows a horizontal split between upper and lower halves. The upper half implements high-level LOMAC functionality in a kernel-independent manner, and consists of approximately 1000 lines of C code (counting only those lines containing semicolons or braces). The lower half implements a kernel-specific interface to the Linux 2.2 series of kernels, and consists of approximately 1500 lines of C code. An alternate Linux 2.0 interface was supported in the past; alternate Linux 2.4 and FreeBSD interfaces are expected in the future.