next up previous
Next: Design and Implementation Up: Linux Security Module Framework Previous: Abstract


Introduction

Security is a chronic and growing problem: as more systems (and more money) go on line, the motivation to attack rises. Linux is not immune to this threat: the ``many eyes make shallow bugs" argument [25] not withstanding, Linux systems do experience a large number of software vulnerabilities.

An important way to mitigate software vulnerabilities is through effective use of access controls. Discretionary access controls ( root, user-IDs and mode bits) are adequate for user management of their own privacy, but are not sufficient to protect systems from attack. Extensive research in non-discretionary access control models has been done for over thirty years [2,26,18,10,16,5,20] but there has been no real consensus on which is the one true access control model. Because of this lack of consensus, there are many patches to the Linux kernel that provide enhanced access controls [7,11,12,14,17,19,24,20,32] but none of them are a standard part of the Linux kernel.

The Linux Security Modules (LSM) [30,27,31] project seeks to solve this Tower of Babel [1] quandary by providing a general-purpose framework for security policy modules. This allows many different access control models to be implemented as loadable kernel modules, enabling multiple threads of security policy engine development to proceed independently of the main Linux kernel. A number of existing enhanced access control implementations, including POSIX.1e capabilities [29], SELinux, Domain and Type Enforcement (DTE) [14] and Linux Intrusion Detection System (LIDS) [17] have already been adapted to use the LSM framework.

The remainder of this paper is organized as follows. Section 2 presents the LSM design and implementation. Section 3 gives a detailed look at the LSM interface. Section 4 describes the impact LSM has on performance and security, including a look at some projects that have been ported to LSM so far. Section 5 presents our conclusions.


next up previous
Next: Design and Implementation Up: Linux Security Module Framework Previous: Abstract
James Morris
2002-07-09