Next: Benchmark Structure
Up: LinSec Benchmarking
Previous: Introduction
Contents
From the LinSec design (Chapter 4) and implementation
(Chapter 5) it can be observed that the Linux kernel
mechanisms most affected by the alterations are:
- executing a binary (do_execve function),
- changing ownership of a process (setXuid family of functions), and
- file system access control.
It can thus be expected that these mechanisms bear most of the performance
degradation.
Other Linux kernel mechanisms, e.g. the INET networking code, are also
affected, but to a much lesser extent, and as such are not considered in the
performed series of benchmarks.
Furthermore, the process ownership change mechanisms are not benchmarked either,
since:
- As can be seen from Section 5.12, the LinSec
mechanisms triggered by a process ownership change are largely a subset of the
mechanisms triggered by do_execve.
- Calls to the setXuid family of functions are very rare compared to
the number of invocations of the other two mechanisms. Moreover, with the introduction
of a mandatory security policy it is reasonable to expect that the setXuid
functionality will become obsolete.
Therefore, the benchmarking performed concentrates on assessing the performance
degradation of do_execve and the fs access control mechanisms.