Alexandria Germes Professor Christopher Frenz IASP 321 1 December 2014 Linux Security Modules The Linux operating system has many different parts to it that make it run, but has three primary components, the kernel, system library, and the system utility. The kernel is the core component of the operating system; it interacts directly with the hardware and provides low level service to the upper layer components of the operating system. Without the kernel, the operating system would not work. With a component as important as the kernel, there has to be a way to keep it and the entire operating system safe and secure. While many operating systems have their own security systems in place, Linux has one that is truly unique. This is where the …show more content…
An interface to hold all the security functions had to be added to the kernel. Inserts that would allow calls to the security functions were added to various parts of the kernel code. Functions to allow the security modules to register and unregister as the user decided were also added. Lastly, the capabilities logic in the kernel had to be changed to be an optional security module itself. The function interface of the LSM contains all the functions for the LSM, including all the hooks that the LSM system uses. It also has the file security.h which is used to define security functions as function pointers. It also defines the set of static functions used to correspond to security calls in the system. The LSM inserts call to security functions at vital points of the kernel to perform access control and manage the security points. Security fields, which are set by the security module, were also added to the kernel, these security fields are used by the module for labeling (Tosun). When it comes to the functions that allow the modules to be registered, the modules must be registered using the security functions. A primary module must be registered and then secondary modules can be registered (Cowan). The primary module must decide if it wants to stack the modules. The primary module also becomes responsible for composing the access control decisions from the secondary modules. The capabilities logic became a partitioning of all root privilege; these capabilities are implemented under three bitmaps, the inheritable, the permitted, and the effective. In the end, the kernel will check to see which bit is appropriate for the privileged operation (Tosun). The LSM framework, how it was created and implemented, and how it works are just part of the LSM system. The actual security modules of the system are what