Automated process classification framework using SELinux security context

Stringent Quality of Service requirements from operating systems led to several extensions to the existing systems. These extensions aim at classifying the processes in a system at runtime to provide differentiated Quality of Service. Also there are many other applications which do need classification of processes for their working. The methods used for identifying the processes and grouping them, by different extensions have been ad-hoc. Enabling several of such extensions adds to the complexity of administering a system. We propose an automated mechanism to classify processes using some persistent characteristics of a process. We use persistent tokens (security contexts) added to all kernel objects by Security Enhanced Linux. We present the overall problem as three sub-problems viz., Notification, Classification and Enforcement. The proposed solution solves Notification and Classification problems. Enforcement is left to the specific application that uses the framework.