Stringent quality of service requirements from operating systems led to several extensions to the existing systems. These extensions aim at classifying the processes in a system at runtime to provide differentiated Quality of Service. Also there are many other applications which do need classification of processes for their working. The methods used for identifying the processes and grouping them, by different extensions have been ad-hoc. Enabling several of such extensions adds to the complexity of administering a system. We propose an automated mechanism to classify processes using some persistent characteristics of a process. We use persistent tokens (security contexts) added to all kernel objects by Security Enhanced Linux. We present the overall problem as three sub-problems viz., Notification, Classification and Enforcement. The proposed solution solves Notification and Classification problems. Enforcement is left to the specific application that uses the framework.
[1]
Hubertus Franke,et al.
Class-based Prioritized Resource Control in Linux
,
2003
.
[2]
David Caplan,et al.
SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)
,
2006
.
[3]
James P Anderson,et al.
Computer Security Technology Planning Study
,
1972
.
[4]
Mike Hibler,et al.
The Flask Security Architecture: System Support for Diverse Security Policies
,
1999,
USENIX Security Symposium.
[5]
Hubertus Franke,et al.
Improving Linux resource control using CKRM
,
2010
.
[6]
Hubertus Franke,et al.
CKRM: Class-based Prioritized Resource Control in Linux
,
2003
.