Project Aims

LinSec is an attempt to improve Linux [13] Operating System security by replacing the existing DAC model with a Mandatory Access Control (MAC) model and by introducing, through the MAC model, the principle of least privilege. Not only should the MAC approach help prevent possible security breaches but it should also enable the confinement of any successful breaches and thus lessen their impact on the overall system functioning.

There are currently several ongoing projects, like [34,28,9], trying to address the same issue but their acceptance has not been wide for the following reasons:

• MAC models too complex to administer.
• Substantial semantic changes to Linux behavior, raising the application compatibility issues.
• Difficulty of integration into the existing, running Linux systems.

LIDS project, for example, one of the first to provide MAC for Linux, suffers badly from ``code rot''. Numerous changes and alterations have resulted in a system difficult to understand whose behavior is full of unexpected and undocumented side effects. Once popular, today the number of people supporting LIDS is steadily decreasing.

SELinux project, on the other hand, implements a very effective MAC model and is well managed and maintained. However, it is impossible to integrate into a running Linux system. For many Linux servers on the Internet it is simply unacceptable to go offline for lengthy reinstallation and setup periods.

Apart from its academic value, one of the most important aims of LinSec is to be highly practical, efficient system and accepted by the Open Source community as such. The project is envisaged as a system that will easily integrate into the existing Linux platforms providing the highest possible level of transparency to the existing users and services by fully supporting POSIX standards and traditional Linux behavior, as long as system mandatory security policy is obeyed. The mandatory security policy itself needs to be highly flexible, reflected through its configurability.

The envisaged MAC model is largely based on modification of ideas existing in the operating systems research world for a long time but which have either never been implemented^2.2 at all (eg. IP Labeling, etc.) or have not been implemented in a similar setting (eg. file system access domains).

The scope of the individual final year project is only the kernel portion of the overall LinSec project. Userspace configuration and administrative tools are external to the project and should be developed by obeying the interface provided by the kernel code.

Linux was chosen primarily because of the widely available kernel source code and because of its widespread use in the Internet environment.

Footnotes

... implemented^2.2

as far as the author is informed.