| This article is mainly about the design and implement of a Linux security module manager (SMM), which is a basic platform to stack multi Linux security modules.In the Linux world, there are a number of security projects, which handle with the security problem of OS. To give the programmers a standard framework to increase the security of Linux, a Linux Security Module (LSM) Framework is developed. After that almost all the security projects are recoded to meet the LSM framework, so that these projects can insert into the LSM framework. But the LSM framework only support single independent security module and the strategy of single security module may be unilateral. The way, which gathers numbers of Linux security modules and combines various security strategies, will be beneficial to increase the Linux security.Base on the above situations, we develop a Linux Security Module Manager (SMM), which can stack several security modules in single OS. In this paper, we have done the following works.Firstly, base on the analysis of the implement of the LSM framework, we develop the Security Module Manager (SMM). The SMM is a module which can handle multi modules stack and gather different security strategies in different modules.Secondly, as multi module detecting increase the system call's time cost, we introduce a P/T First Working procedure Optimize Algorithm. This algorithm can reduce the average time cost of system calls. Further more, we discuss the SMM Cache mechanism to increase the SMM's time efficiency.At last, we introduce security policy, which was a simple way to let SMM to be much more flexible and meet the need of different security levels. |
PDF Full Text Request