1 Linux Security Module: General Security Support for the Linux Kernel Presented by Chao-Sheng Lin 2005/11/1.


2 What is LSM?
- "LSM" is the abbreviation of "Linux Security Modules"
- A lightweight, general purpose, access control framework for the mainstream Linux kernel
- Enables many different access control models to be implemented as loadable kernel modules
  - POSIX.1e capabilities
  - Security-Enhanced Linux (SELinux)
  - Domain and Type Enforcement (DTE)

3 Why LSM?
- The Linux kernel only provides discretionary access controls and lacks any direct support for enhanced access control mechanisms
- It is due in part to a lack of agreement within the security community on the right general solution

4 Outline
- The Problem: Constrained Design Space
- LSM Design: Mediate Access to Kernel Objects
- LSM Implementation

5 The Problem: Constrained Design Space
- Linus Torvalds specified that the security framework must be
  - truly generic, where using a different security model is merely a matter of loading a different kernel module
  - conceptually simple, minimally invasive, and efficient
  - able to support the existing POSIX.1e capabilities logic as an optional security module
- The problem is
  - to unify the functional needs of as many security projects as possible
  - to minimize the impact on the Linux kernel

6 LSM Design: Mediate Access to Kernel Objects

7 LSM Design: Mediate Access to Kernel Objects (Cont.)
- The basic abstraction of the LSM interface is to mediate access to internal kernel objects
- A hook makes a call to a function that the LSM module must provide
- The system call interface provides an abstraction for user space to interact with the kernel, and is a tempting location to mediate access
- LSM allows modules to mediate access to kernel objects by placing hooks in the kernel code just ahead of the access

8 LSM Implementation
- The LSM kernel patch modifies the kernel in five primary ways
  - The patch adds opaque security fields to certain kernel data structures
  - The patch inserts calls to security hook functions at various points within the kernel code
  - The patch adds a generic security system call
  - The patch provides functions to allow kernel modules to register and unregister themselves as security modules
  - The patch moves most of the capabilities logic into an optional security module

9 Implementation – 1 Opaque security fields
- Enable security modules to associate security information with kernel objects by modifying the kernel data structure
- Handled by the security modules
  - An alloc_security hook and a free_security hook are defined that permit the security module to allocate and free security data
  - Other hooks are provided to permit the security module to update the security data as necessary
- Note that LSM does not provide any locking for the security fields; such locking must be performed by the security module

10 Implementation – 2 Calls to Security Hook Functions

11 Implementation – 2 Calls to Security Hook Functions
- LSM provides a set of calls to security hooks to manage the security fields of kernel objects
- It also provides a set of calls to security hooks to mediate access to these objects
- Both sets of hook functions are called via function pointers in a global security_ops table

12 Implementation – 3 Security System Call
- LSM provides a general security system call that allows security modules to implement new calls for security-aware applications
- Most security modules that want to provide new calls can place their call implementations in this hook function

13 Implementation – 4 Registering Security Modules
- When a security module is loaded, it must register itself with the LSM framework by calling the register_security function
- If a security module is unloaded, it must unregister with the framework using unregister_security
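A simplified user-space model of the mechanisms on slides 9, 11 and 13 (the opaque security field, dispatch through the global security_ops table, and register_security / unregister_security), added here as an example and not taken from the presentation or the LSM patch. The struct layouts, the three inode hooks, the default "dummy" table, the error codes and the demo module's policy are assumptions for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#define MAY_WRITE 2
struct inode { void *i_security; };           /* opaque security field */
struct security_operations {                  /* table of hook pointers */
    int  (*inode_alloc_security)(struct inode *);
    void (*inode_free_security)(struct inode *);
    int  (*inode_permission)(struct inode *, int mask);
};

/* Default table: attach nothing, allow everything. */
static int  dummy_alloc(struct inode *i) { i->i_security = NULL; return 0; }
static void dummy_free(struct inode *i) { (void)i; }
static int  dummy_perm(struct inode *i, int m) { (void)i; (void)m; return 0; }
static struct security_operations dummy_ops = { dummy_alloc, dummy_free, dummy_perm };
static struct security_operations *security_ops = &dummy_ops;

int register_security(struct security_operations *ops) {
    if (!ops || !ops->inode_alloc_security || !ops->inode_free_security ||
        !ops->inode_permission) return -EINVAL;      /* incomplete hook table */
    if (security_ops != &dummy_ops) return -EAGAIN;  /* a module is already loaded */
    security_ops = ops;
    return 0;
}
int unregister_security(struct security_operations *ops) {
    if (ops != security_ops) return -EINVAL;         /* not the active module */
    security_ops = &dummy_ops;
    return 0;
}

/* Hypothetical module: write-protect every inode created while it is loaded. */
static int demo_alloc(struct inode *i) {
    int *label = malloc(sizeof *label);
    if (!label) return -ENOMEM;
    *label = 1;
    i->i_security = label;
    return 0;
}
static void demo_free(struct inode *i) { free(i->i_security); i->i_security = NULL; }
static int demo_perm(struct inode *i, int mask) {
    int *label = i->i_security;        /* NULL if the inode predates the module */
    return (label && *label && (mask & MAY_WRITE)) ? -EACCES : 0;
}
struct security_operations demo_ops = { demo_alloc, demo_free, demo_perm };

/* Kernel side: hooks at object setup/teardown and just ahead of the access. */
int inode_init(struct inode *i) { return security_ops->inode_alloc_security(i); }
void inode_destroy(struct inode *i) { security_ops->inode_free_security(i); }
int inode_write(struct inode *i) { return security_ops->inode_permission(i, MAY_WRITE); }
```

An inode created before the module registers carries no security data, so the module's permission hook has to handle a NULL field; the model treats such objects as unlabelled and allows the access.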

14 Implementation – 5 Capabilities
- The Linux kernel currently provides support for a subset of POSIX.1e capabilities
- One of the requirements for the LSM project was to move this functionality to an optional security module
- The LSM project has developed a capabilities security module and migrated much of the core capabilities logic into it

15 Task Hooks
- LSM provides a set of task hooks that enable security modules to manage process security information and to control process operations
- Task hooks provide control over inter-process operations, such as kill, as well as control over privileged operations on the current process, such as setuid

16 Task Hooks
- Program loading hooks
- IPC hooks
- Filesystem hooks
- Network hooks
- Module hooks
- System hooks

17 Module Hooks and System Hooks
- Module hooks
  - Used to control the kernel operations that create, initialize, and delete kernel modules
- System hooks
  - Used to control system operations, such as setting the system hostname, accessing I/O ports, and configuring process accounting

18 Conclusions
- The LSM project exists to lower the barrier to entry by providing a standard loadable module interface for security enhancements
- LSM provides an interface that is rich enough to enable a wide variety of security modules
- LSM is currently implemented as a patch to the standard Linux kernel

