Next: Introduction
Up: Linux Security Module Framework
Previous: Linux Security Module Framework
Computer security is a chronic and growing problem, even for Linux,
as evidenced by the seemingly endless stream of software security
vulnerabilities. Security research has produced numerous
access control mechanisms that help improve system security; however,
there is little consensus on the best solution. Many powerful security
systems have been implemented as research prototypes or highly specialized
products, leaving systems operators with a difficult challenge: how to
utilize these advanced features, without having to throw away their
existing systems?
The Linux Security Modules (LSM) project addresses this problem
by providing the Linux kernel with a general purpose framework for
access control. LSM enables loading enhanced
security policies as kernel modules. By providing Linux with
a standard API for policy enforcement modules, the LSM project hopes to
enable widespread deployment of security hardened systems. This paper
presents the design and implementation of the LSM framework, a discussion
of performance and security impact on the kernel, and a brief overview of
existing security modules.
James Morris
2002-07-09