Reflections on the virtues of modularity: a case study in linux security modules

Developing a modular system that properly supports a range of security models is challenging. The work presented here details our experiences with the modular Linux security framework called Linux Security Modules, or LSMs. Throughout our experiences we discovered that the developers of the LSM framework made certain tradeoffs for speed and simplicity during implementation, and consequently leaving the framework incomplete. Our experiences show at which points the theory of the LSM differs from reality, and details how these differences play out when developing and using a custom LSM. Copyright © 2009 John Wiley & Sons, Ltd.

[1]  Wayne Salamon,et al.  Implementing SELinux as a Linux Security Module , 2003 .

[2]  Crispin Cowan,et al.  Linux security modules: general security support for the linux kernel , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[3]  Paul A. Karger,et al.  Thirty years later: lessons from the Multics security evaluation , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[4]  Andrew Kusiak,et al.  Modularity in design of products and systems , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[5]  F. J. Corbató,et al.  Introduction and overview of the multics system , 1965, AFIPS '65 (Fall, part I).

[6]  James Morris Networking in NSA security-enhanced Linux , 2005 .

[7]  Ori Pomerantz,et al.  The Linux Kernel Module Programming Guide , 2000 .

[8]  Douglas Thain,et al.  ENAVis: Enterprise Network Activities Visualization , 2008, LISA.

[9]  Trent Jaeger,et al.  Analyzing Integrity Protection in the SELinux Example Policy , 2003, USENIX Security Symposium.

[10]  Tal Garfinkel,et al.  Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools , 2003, NDSS.