Next:
Introduction
Up:
final
Previous:
Conclusion
Contents
LinSec Security Architecture
Subsections
Introduction
LinSec Design Aims
Chapter Layout
LinSec Capability Model
Definition and Background
POSIX 1003.6 and Capabilities
Overview
Executable File Capabilities
User Capabilities
User Capability Groups
Process Capabilities
Global Bounds
Capability Inheritance Algorithm
Capability-Based System Boot Monitor
Capability-Based Process Protection
INET Socket Capability-Based Protection
New Capabilities Introduced
LD_PRELOAD Attack
LinSec Filesystem Access Domains
Background and Definition
Overview
Access Domain Elements
Access Domain Groups
Executable File ADs
User Access Domains
Process Access Domains
Access Domain Inheritance
File System Access Domain Access Control
LinSec IP Labeling
Background
Overview
IPL Elements
IPL Groups
Executable File IPL
Process IPL
IPL Inheritance
IPL Access Control
Summary: LinSec Mandatory Security Policy
Overview
Capability Model
File System Access Domains
IP Labeling
LinSec Mandatory Security Policy Specification
