In this paper, we present an approach, sup-ported by software tools, for maintaining the correctness of the Linux Security Modules (LSM) framework (the LSM community is aiming for inclusion in Linux 2.5). The LSM framework consists of a set of function call hooks placed at locations in the Linux kernel that enable greater control of user-level pro-cesses ’ use of kernel functionality, such as is necessary to enforce mandatory access control. However, the placement of LSM hooks within the kernel means that kernel modifications may inadvertently introduce security holes. Funda-mentally, our approach consists of complemen-tary static and runtime analysis; runtime anal-ysis determines the authorization requirements and static analysis verifies ...
In current extensible monolithic operating systems, load-able kernel modules (LKM) have unrestricted...
The proliferation of kernel mode malware and rootkits over the last decade is one of the most critic...
Code injection continues to pose a serious threat to com-puter systems. Among existing solutions,W⊕X...
Computer security is a chronic and growing problem, even for Linux, as evidenced by the seemingly en...
Computer security is a chronic and growing problem, even for Linux, as evidenced by the seemingly en...
Security is a problem of trust. Having a system that offers services to Internet and that can be tru...
The access control mechanisms of existing mainstream operating systems are inadequate to provide str...
The Linux Security Modules (LSM) framework is a set of authorization hooks for implementing flexible...
Abstract—Monitoring a process and its file I/O behaviors is important for security inspection for a ...
Until the availability of Kernel 2.6 the Linux op-erating system lacked general support to integrate...
International audienceInformation Flow Control at Operating System (OS) level features interesting p...
In systems with shared resources, authorization pol-icy enforcement ensures that these resources are...
The economy of mechanism security principle states that program design should be kept as small and s...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
The purpose of this final year project was to study the Linux security mechanism. The aim was to lea...
In current extensible monolithic operating systems, load-able kernel modules (LKM) have unrestricted...
The proliferation of kernel mode malware and rootkits over the last decade is one of the most critic...
Code injection continues to pose a serious threat to com-puter systems. Among existing solutions,W⊕X...
Computer security is a chronic and growing problem, even for Linux, as evidenced by the seemingly en...
Computer security is a chronic and growing problem, even for Linux, as evidenced by the seemingly en...
Security is a problem of trust. Having a system that offers services to Internet and that can be tru...
The access control mechanisms of existing mainstream operating systems are inadequate to provide str...
The Linux Security Modules (LSM) framework is a set of authorization hooks for implementing flexible...
Abstract—Monitoring a process and its file I/O behaviors is important for security inspection for a ...
Until the availability of Kernel 2.6 the Linux op-erating system lacked general support to integrate...
International audienceInformation Flow Control at Operating System (OS) level features interesting p...
In systems with shared resources, authorization pol-icy enforcement ensures that these resources are...
The economy of mechanism security principle states that program design should be kept as small and s...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
The purpose of this final year project was to study the Linux security mechanism. The aim was to lea...
In current extensible monolithic operating systems, load-able kernel modules (LKM) have unrestricted...
The proliferation of kernel mode malware and rootkits over the last decade is one of the most critic...
Code injection continues to pose a serious threat to com-puter systems. Among existing solutions,W⊕X...