Contents

• Abstract
• Introduction
  • Motivation
  • Project Aims
  • Project Outcomes
  • Conventions
  • Report Layout
  
  
• OS Security Background
  • Introduction
  • Attacks - Facts
    • Facts
    • Types of Attacks
    • Attack Anatomy
  • OS Background
    • Discretionary Access Controls
    • Authorizations
    • Default OS configuration
  • Securing OS
    • Mandatory Access Control (MAC)
    • Least Privilege principle
  • Conclusion
  
  
• LinSec Security Architecture
  • Introduction
    • LinSec Design Aims
    • Chapter Layout
  • LinSec Capability Model
    • Definition and Background
    • POSIX 1003.6 and Capabilities
    • Overview
    • Executable File Capabilities
    • User Capabilities
    • User Capability Groups
    • Process Capabilities
    • Global Bounds
    • Capability Inheritance Algorithm
    • Capability-Based System Boot Monitor
    • Capability-Based Process Protection
    • INET Socket Capability-Based Protection
    • New Capabilities Introduced
    • LD_PRELOAD Attack
  • LinSec Filesystem Access Domains
    • Background and Definition
    • Overview
    • Access Domain Elements
    • Access Domain Groups
    • Executable File ADs
    • User Access Domains
    • Process Access Domains
    • Access Domain Inheritance
    • File System Access Domain Access Control
  • LinSec IP Labeling
    • Background
    • Overview
    • IPL Elements
    • IPL Groups
    • Executable File IPL
    • Process IPL
    • IPL Inheritance
    • IPL Access Control
  • Summary: LinSec Mandatory Security Policy
    • Overview
    • Capability Model
    • File System Access Domains
    • IP Labeling
    • LinSec Mandatory Security Policy Specification
  
  
• Implementation
  • Introduction
    • Chapter Contents
    • Prerequisites
    • Implementation Overview
    • Chapter Layout
  • Linux Kernel Analysis
  • LinSec Configuration Data
  • LinSec Configuration Process
  • LinSec Data Structures
  • SMP Issues
  • LinSec Lifetime
  • LinSec Capability Model
    • Linux Legacy
    • Executable File Capabilities
    • User Capabilities
    • Capability Inheritance Algorithm
    • Linux Process Ownership Model Problem
    • User Capability Revocation
    • Process Information Hiding
  • LinSec Filesystem Access Domains
    • Executable File Access Domains
    • Access Domain Representation
    • Access Domain Inheritance
    • User Access Domain Revocation
    • Access Domain Access Control
  • LinSec Socket Access Control
    • Socket Access Control Information Storage
    • Socket Access Control Algorithm
  • LinSec IP Labeling
    • IP Labeling Information Storage
    • IP Labeling Access Control Algorithm
  • Exec and Setuid
  • Userspace Administrative Tools
  • Summary
  
  
• Testing
  • Introduction
  • Test Criteria
  • Test Process
  • Test Environment
  • Summary
  
  
• LinSec Benchmarking
  • Introduction
  • Benchmark Target
  • Benchmark Structure
  • Benchmark Environment
  • Benchmark Results
    • Host A
    • Host B
  • Conclusion
  
  
• Conclusion
  • Project Summary
  • LinSec Future
  • Project Scope
  
  
• Systems Manual
  • Introduction
  • Software Requirements
  • Step I - Patching the Kernel
  • Step II - Configuring and Compiling the Kernel
  • Step III - Installing and Running the Kernel
  
  
• Users Manual
• November Project Plan
• Interim Report
• LinSec Source Code
  • Introduction
  • The Source Code
  
  
• Bibliography