Architectural Design for a Secure Linux Operating System

被引:0
作者
Narayanan, Hari [1 ]
Radhakrishnan, Vivek [1 ]
Shiju-Sathyadevan [1 ]
Poroor, Jayaraj [2 ]
机构
[1] Amrita Univ, Amrita Ctr Cybersecur Syst & Networks, Amrita Sch Engn, Amrita Vishwa Vidyapeetham, Amritapuri, India
[2] EnergiMate, Gandhinagar, Gujarat, India
来源
2017 2ND IEEE INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, SIGNAL PROCESSING AND NETWORKING (WISPNET) | 2017年
关键词
Linux; authorization; principle of least privilege; security ticket; sandbox;
D O I
暂无
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
Operating system security is a hot research area for the past several decades. Various security mechanisms have been introduced till now to secure the operating system. In this paper we are focusing on securing Linux operating system. Even though Linux is open source and large numbers of people are involved in developing kernel patches for security holes, there are still many malwares to exploit the existing vulnerabilities. Using our architecture we are trying to minimize the damage done by the malwares if not blocking them altogether. Our architecture is designed to ensure the principle of least privilege. Principle of least privilege guarantees that a process will get the privileges just enough to perform its task. This ensures that even if the process is compromised it can do the least damage to the system as it is running in a sandbox. Major chunk of our system is running in the user level to make it portable across the distributions. Our system uses a specially structured security ticket to provide fine grained authorization to user processes which is not currently possible in the traditional linux architecture. The security ticket is designed in such a way that it can be inherited by a child process, can be shared and is unforgeable. The core module in the system is called Secd (Secure Daemon) which authorizes all the requests and also manages the security tickets.
引用
收藏
页码:949 / 953
页数:5
相关论文
共 17 条
  • [1] [Anonymous], SECURE COMPUTING SEL
  • [2] [Anonymous], 2016, INT J CONTROL THEORY
  • [3] [Anonymous], LIN C
  • [4] [Anonymous], 2016, INT J APPL ENG RES
  • [5] [Anonymous], USENIX SEC S
  • [6] Garfinkel Tal., 2003, P NETWORK DISTRIBUTE
  • [7] Clean Application Compartmentalization with SOAAP
    Gudka, Khilan
    Watson, Robert N. M.
    Anderson, Jonathan
    Chisnall, David
    Davis, Brooks
    Laurie, Ben
    Marinos, Ilias
    Neumann, Peter G.
    Richardson, Alex
    [J]. CCS'15: PROCEEDINGS OF THE 22ND ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2015, : 1016 - 1031
  • [8] Exploring compartmentalisation hypotheses with SOAAP
    Gudka, Khilan
    Watson, Robert N. M.
    Hand, Steven
    Laurie, Ben
    Madhavapeddy, Anil
    [J]. 2012 IEEE SIXTH INTERNATIONAL CONFERENCE ON SELF-ADAPTIVE AND SELF-ORGANIZING SYSTEMS WORKSHOPS (SASOW), 2012, : 23 - 30
  • [9] Hurtuk J, 2016, 2016 IEEE 11TH INTERNATIONAL SYMPOSIUM ON APPLIED COMPUTATIONAL INTELLIGENCE AND INFORMATICS (SACI), P75, DOI 10.1109/SACI.2016.7507343
  • [10] Jacobsen C., 2016, SIGOPS Operating Systems Review, V49, P44