|
Linux Security Modules (LSM) is a framework that allows the Linux kernel to support a variety of computer security models while avoiding favoritism toward any single security implementation. The framework is licensed under the terms of the GNU General Public License and is standard part of the Linux kernel since Linux 2.6. AppArmor, SELinux, Smack and TOMOYO Linux are the currently accepted modules in the official kernel. == Design == LSM was designed to provide the specific needs of everything needed to successfully implement a mandatory access control module, while imposing the fewest possible changes to the Linux kernel. LSM avoids the approach of system call interposition as used in Systrace because it does not scale to multiprocessor kernels and is subject to TOCTTOU (race) attacks. Instead, LSM inserts "hooks" (upcalls to the module) at every point in the kernel where a user-level system call is about to result in access to an important internal kernel object such as inodes and task control blocks. The project is narrowly scoped to solve the problem of access control to avoid imposing a large and complex change patch on the mainstream kernel. It is not intended as a general "''hook''" or "''upcall''" mechanism, nor does it support Operating system-level virtualization. LSM's access control goal is very closely related to the problem of system auditing, but is subtly different. Auditing requires that every attempt at access be recorded. LSM cannot deliver that, because it would require a great many more hooks, so as to detect cases where the kernel "''short circuits''" failing system calls and returns an error code before getting near significant objects. The LSM design is described in the paper ''Linux Security Modules: General Security Support for the Linux Kernel''〔(【引用サイトリンク】title=Linux Security Modules: General Security Support for the Linux Kernel )〕 presented at USENIX Security 2002.〔(【引用サイトリンク】title=11th USENIX Security Symposium )〕 At the same conference was the paper ''Using CQUAL for Static Analysis of Authorization Hook Placement''〔(【引用サイトリンク】title=Using CQUAL for Static Analysis of Authorization Hook Placement )〕 which studied automatic static analysis of the kernel code to verify that all of the necessary hooks have actually been inserted into the Linux kernel. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Linux Security Modules」の詳細全文を読む スポンサード リンク
|