Linux Security Modules Enhancements: Module Stacking Framework and TCP State Transition Hooks for State-Driven NIDS

Until the availability of kernel 2.6, the Linux operating system lacked general support for integrating security mechanisms into the kernel. The Linux Security Module framework (LSM) was designed to overcome this limitation. Although LSM provides a solid baseline for kernel security, it lacks important features. This paper addresses two of these limitations. First, a framework-managed module stacking mechanism is proposed that allows multiple security policies to be present in the kernel at the same time. Second, LSM hooks are added to the Linux TCP layer. This extension was chosen because it allows the implementation of a state-based network intrusion detection mechanism, which is outlined at the end of the article.
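As an added illustration (not code from the paper), the following user-space C model shows how a framework-managed stack dispatches one hypothetical TCP state-transition hook to several policy modules at once, with a state-driven NIDS module vetoing transitions absent from the TCP state diagram; the hook signature, module names and the simplified transition table are assumptions.

```c
/* Constructed user-space model (not the paper's code) of a framework-managed LSM
 * stack with a hypothetical TCP state-transition hook; all names are assumptions. */
#include <stdio.h>
enum tcp_state { ST_CLOSED, ST_LISTEN, ST_SYN_RECV, ST_ESTABLISHED, ST_FIN_WAIT1, ST_COUNT };
struct sec_module {
    const char *name;
    /* hypothetical hook: return 0 to allow the transition, -1 to deny it */
    int (*tcp_state_transition)(int sock, enum tcp_state from, enum tcp_state to);
};
#define MAX_MODULES 4
static struct sec_module *stack[MAX_MODULES]; static int nr_modules;

int register_security_module(struct sec_module *m) {
    if (nr_modules >= MAX_MODULES) return -1;
    stack[nr_modules++] = m;
    return 0;
}

/* Framework-managed dispatch: every stacked module is consulted, and a single
 * denial vetoes the transition (restrictive composition of policies). */
int security_tcp_state_transition(int sock, enum tcp_state from, enum tcp_state to) {
    int verdict = 0;
    for (int i = 0; i < nr_modules; i++)
        if (stack[i]->tcp_state_transition(sock, from, to) != 0) {
            printf("%s denied %d->%d on socket %d\n", stack[i]->name, from, to, sock);
            verdict = -1;
        }
    return verdict;
}

/* State-driven NIDS module: permit only transitions found in a simplified
 * (constructed) server-side subset of the TCP state diagram. */
static int nids_hook(int sock, enum tcp_state from, enum tcp_state to) {
    static const unsigned char legal[ST_COUNT][ST_COUNT] = {
        /* to: CLOSED LISTEN SYN_RECV ESTABLISHED FIN_WAIT1 */
        [ST_CLOSED] = {0, 1, 0, 0, 0},   [ST_LISTEN] = {1, 0, 1, 0, 0},
        [ST_SYN_RECV] = {1, 1, 0, 1, 0}, [ST_ESTABLISHED] = {1, 0, 0, 0, 1},
        [ST_FIN_WAIT1] = {1, 0, 0, 0, 0},
    };
    (void)sock;
    if ((unsigned)from >= ST_COUNT || (unsigned)to >= ST_COUNT) return -1;
    return legal[from][to] ? 0 : -1;
}

/* Audit module: an independent second policy that observes but never denies. */
static int audit_hook(int sock, enum tcp_state from, enum tcp_state to) {
    printf("audit: socket %d %d->%d\n", sock, from, to); return 0;
}
static struct sec_module audit_mod = { "audit", audit_hook }, nids_mod = { "state_nids", nids_hook };
/* Register both policies on the stack; returns 0 on success. */
int stack_demo_setup(void) {
    return register_security_module(&audit_mod) | register_security_module(&nids_mod);
}
```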