SlideShare una empresa de Scribd logo

Process behaviour modelling using lsm

I
iaemedu
1 de 8
Descargar para leer sin conexión
INTERNATIONALComputer Volume OF COMPUTER ENGINEERING – International Journal of JOURNAL 3, Issueand Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 – 6375(Online) Engineering 3, October-December (2012), © IAEME & TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 3, Issue 3, October - December (2012), pp. 369-376 IJCET © IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2012): 3.9580 (Calculated by GISI) ©IAEME www.jifactor.com PROCESS BEHAVIOUR MODELLING USING LSM S. Ravi Sankar1, Y. Swapna2 1 (Faculty, CSE Department, National Institute of Technology, Goa, India, srs@nitgoa.ac.in) 2 (Faculty, CSE Department, National Institute of Technology, Goa, India, spr@nitgoa.ac.in) ABSTRACT Computer security is a chronic and growing problem, even for Linux, as evidenced by the seemingly endless stream of software security vulnerabilities. Security research has produced numerous access control mechanisms that help improve system security; however, there is little consensus on the best solution. Because of this lack of consensus, there are many patches to the Linux kernel that provide enhanced access controls but none of them are a standard part of the Linux kernel. The Linux Security Modules (LSM) seeks to solve this by providing a general purpose framework for security policy modules. This allows many different access control models to be implemented as loadable kernel modules. Just before the kernel would access the internal object, an LSM hook makes an out-call to the module posing the question “Is this access ok with you?” The module processes this policy question and returns either “yes” or “no.” In this paper we are modeling process behaviour using LSM, a brief overview of existing security modules. The behaviour of process is checked with LSM Hooks and functions, right before kernel tries to access/take up the task. If it matches the expected operation, then it returns success and task will be continued. If an error value is returned, the task will not start. Keywords: Security, LSM, SELinux, LSM Hook 1. INTRODUCTION Security is a chronic and growing problem, as more systems (and more money) go on line, the motivation to attack rises. Linux is not immune to this threat, Linux systems do experience a large number of software vulnerabilities. At the 2001 Linux Kernel Summit, NSA developers presented their work on Security-Enhanced Linux (SELinux) [3] and emphasized the need for enhanced security support in the main Linux kernel. In the ensuing discussion, a consensus was reached that a general access-control framework for the Linux kernel was needed. This approach would allow different security models to work without modifying the main kernel code. 369
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Out of this discussion grew the Linux Security Module (LSM) Project [6, 4, 7]. A number of developers worked together to create a framework of kernel hooks that would allow many security models to work as loadable kernel modules. This allows many different access control models to be implemented as loadable kernel modules, enabling multiple threads of security policy engine development to proceed independently of the main Linux kernel. A number of existing enhanced access control implementations, including POSIX.1e capabilities [5], SELinux [3], Domain and Type Enforcement (DTE)[1] and Linux Intrusion Detection System (LIDS)[9] have already been adapted to use the LSM framework. During the 2002 Linux Kernel Summit, the technical description of the project was presented, and the first portion of the LSM framework appeared in the 2.5.29 kernel release. Further kernel releases contained more portions of the LSM framework. 2. RELATED WORK This section provides an overview of the Linux Security Modules (LSM) framework. The LSM framework adds security fields to kernel data structures and inserts calls to hook functions at critical points in the kernel code to manage the security fields and to perform access control. It also adds functions for registering and unregistering security modules. Extended attribute handlers for a new security namespace were added to file systems to support new file security attributes, and a /proc/pid/attr subdirectory was introduced to provide user space access to new process security attributes. The LSM security fields are simply void* pointers. For process and program execution security information, security fields were added to struct task_struct and struct linux_binprm. For file system security information, a security field was added to struct super_block [2]. Each LSM hook is a function pointer in a global table, security_ops. This table is a security_operations structure as defined by include/linux/security.h. Detailed documentation for each hook is included in this header file. The hooks are grouped into logical sets based on the kernel object (e.g. task, inode, file, sock, etc) as well as some miscellaneous hooks for system operations[4]. A register_security function (in security/security.c) is provided to allow a security module to set security_ops to refer to its own hook functions, and an unregister_security function is provided to revert security_ops to the dummy module hooks[2]. Most of its functionality can now be implemented using the extended attribute support and /proc/pid/attrinterface, as mentioned above. 2.1. LSM Architecture This section provides an overview of the SELinux security module internal architecture as shown in the fig.1. The module code is located within the security/SELinux subdirectory of the kernel tree. The security server provides general interfaces for obtaining security policy decisions, enabling the rest of the module to remain independent of the specific security policies used. These interfaces are defined in the include/security.h header file under the SELinux module directory. 370
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Fig.1: LSM Architecture Having discussed the high-level design philosophies of LSM we now turn to the implementation of the LSM interface. At the core, the LSM interface is a large table of functions, which by default are populated with calls that implement the traditional super user Discretionary Access Control (DAC) policy. The module writer is then responsible for providing implementations of the functions that they care about. In [8], the different types of hooks which LSM provides have been explained. 3. METHODOLOGY One of the most interesting applications of LSM appears when process permissions are based on the process behaviour profile. In this paper we are modelling the behaviour of a process using LSM. For this, in order to implement the LSM module and use the security structure, we have to disable the NSA security flag after the kernel is compiled and configuring the modules. By this we can implement our own security Module with the help of the structure Linux security plug-in located in /usr /src /linux-2.6...... /include /linux /security.h. At first we insert a module to the kernel which checks the file permissions and the behaviour of the user application or process with a demon which holds the execution behaviour of that particular process. The module consists of the struct security_operations structure which checks the file permissions and socket operation of our particular application. File permission function detects our present running application and traces the behaviour like open, read etc. System calls which will be checked with the demon continually and the status is returned to the module for every system call. If the call is matched demon will return yes to continue the process and keeps on checking remaining calls. Suppose the call is not matched with the one in demon it returns NO to the module and informs there is some deviation or abnormal behaviour of process, immediately the module will terminate the process from executing. In order to show the process behaviour we used the open system calls and a socket to model it. Here we treat socket call as abnormal behaviour, as in most cases malfunctioning processes try to communicate, and terminate the process whenever this call is made. Remaining for the open calls the process should run normally and module allows it execute. 371
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME The user application or the process which we are modelling first opens a file, create a socket, then close the file and socket. The demon consists of a while loop which continually checks the calls which are sent by module and returns the status accordingly. This function is called whenever the kernel wants to determine if a specific file can be accessed at this moment in time. A security module can look at the file, check whether the current user has proper authority and possibly refuse to grant it. int f_socket(int family, int type, int protocol, int kern) { if( strcmp(current->comm,"app")==0 ) { printk(KERN_ALERT"in socket create function after strcmpn"); strcpy(kbuf,"socket"); up(&semr); down_interruptible(&semw); if(status=='n') { printk("process behaviour is suspicious , will be abortedn"); return -1; } } return 0; } Fig.2: Flow chart of Process Behaviour Modelling 372
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME 4. IMPLEMENTATION An implementation of flexible access control architecture in the Linux kernel has been developed. It is useful and effective for developing Linux security enhancements. int reg,ureg; int f_per (struct file *file,int mask); int f_ioctl (struct file * file, unsigned int cmd,unsigned long arg); //extern int register_security (struct security_operations *ops); //extern int unregister_security (struct security_operations *ops); //int char_ioctl(struct inode *, struct file *, unsigned int, unsigned long); //int (*file_ioctl) (struct file * file, unsigned int cmd,unsigned long arg): struct security_operations secop= { .file_permission = f_per, .file_ioctl = f_ioctl, }; int init_module(void) { printk(KERN_ALERT"in init functionn"); reg = register_security(&secop); if(reg!=0) { printk(KERN_ALERT"register security failedn"); return -1; } return 0; } void cleanup_module(void) { printk(KERN_ALERT"in exit functionn"); ureg=unregister_security(&secop); if(ureg!=0) { printk(KERN_ALERT"unregister security failedn"); } } int f_per (struct file *file,int mask) { if( strcmp(current->comm,"app")==0 ) { printk(KERN_ALERT"in file permission function after strcmpn"); printk(KERN_ALERT"path =%sn",file->f_dentry->d_iname); } return 0; } int f_ioctl(struct file * file, unsigned int cmd,unsigned long arg) 373
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME { int number=10,ret; if( strcmp(current->comm,"app")==0 ) { switch(cmd) { case readioctl: ret=copy_to_user((int *)arg,&number,sizeof(number)); if(ret!=0) { printk("no of bytes not copied is %dn",ret); } printk("the number sent to demon is %d n",number); break; default: printk("invalid choice n"); } } return 0; } 5. RESULTS Experiments were conducted to test and evaluate the effectiveness of the proposed approach to provide security. This section presents and details the experiments undertaken and the results achieved. Fig. 3: Inserting LSM Module Fig.4: Running Daemon Process 374
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Fig.5: Running Application Fig.6: Status Info from Daemon to LSM Module Fig. 7: Intercepting System calls to monitor process behavior In the above fig.3, using insmod command LSM module has been added to the kernel. Before adding LSM module, we have to disable the NSA security flag after the kernel is compiled and configuring the modules. By this we can implement our own security Module with the help of the structure Linux security plug-in located in /usr /src /linux-2.6...... /include /linux /security.h. 375
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Now the inserted module to the kernel checks the file permissions and the behaviour of the user application (fig.5) with a demon process (fig.4) which holds the execution behaviour of that particular process. File permission function detects our present running application and traces the behaviour like open, read etc. System calls which will be checked with the demon continually and the status is returned to the module for every system call as shown in the fig. 6 and 7.If the process is suspicious then terminate it from running state or else continue the process execution. 6. CONCLUSION There are probably other methods of taking an existing running program and spawning a root process that this module does not catch. The proposed approach would be useful for researchers in this area. Anybody who depends on a Linux security module (such as SELinux) is depending on comprehensive checking within the kernel. Some work in this area could do a lot to increase the level of trust which can be placed in LSM-based modules. The implemented LSM meets these criteria. The patch is relatively small, and the performance data in shows that the LSM patch imposes nearly zero overhead. The broad suite of security products from around the world that have been implemented for LSM shows that the LSM API is useful and effective for developing Linux security enhancements. REFERENCES [1] Serge Hallyn and Phil Kearns. Domain and Type Enforcement for Linux. In Proceedings of the 4th Annual Linux Showcase and Conference, October 2000. [2] Stephen Smalley, Wayne Salamon, and Chris Vance. Implementing SELinux as a Linux Security Module. http://www.nsa.gov, December 2001. [3] Peter Loscocco and Stephen Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX ’01), June 2001. [4] Stephen Smalley, Timothy Fraser, and Chris Vance. Linux Security Modules: General Security Hooks for Linux. http://lsm.immunix.org/, September 2001. [5] Winfried Trumper. Summary about POSIX.1e. http://wt.xpilot.org/publications/posix.1e, July 1999. [6] WireX Communications. Linux Security Module. http://lsm.immunix.org/, April 2001. [7] Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Linux Security Modules: General Security Support for the Linux Kernel. In USENIX Security Symposium, San Francisco, CA, August 2002. [8] Chris Wright and Crispin Cowan, Stephen Smalley, James Morris and Greg Kroah-Hartman, Linux Security Module Framework DARPA 2002 . [9] Linux Intrusion Detection System. World-wide web page available at http://www.lids.org. 376

Recomendados

F0341026029
F0341026029F0341026029
F0341026029inventionjournals
 
Factors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxFactors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxZain Abid
 
Object Oriented Secure Modeling using SELinux Trusted Operating System
Object Oriented Secure Modeling using SELinux Trusted Operating SystemObject Oriented Secure Modeling using SELinux Trusted Operating System
Object Oriented Secure Modeling using SELinux Trusted Operating SystemEswar Publications
 
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Siyabonga Masuku
 
Unified Security Plugin for Opendaylight Controller
Unified Security Plugin for Opendaylight ControllerUnified Security Plugin for Opendaylight Controller
Unified Security Plugin for Opendaylight ControllerSaikat Chaudhuri
 
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...rahulmonikasharma
 
Tinysec
TinysecTinysec
TinysecDhara Ladumor
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMScscpconf
 

Recomendados

F0341026029
F0341026029F0341026029
F0341026029inventionjournals
 
Factors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxFactors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxZain Abid
 
Object Oriented Secure Modeling using SELinux Trusted Operating System
Object Oriented Secure Modeling using SELinux Trusted Operating SystemObject Oriented Secure Modeling using SELinux Trusted Operating System
Object Oriented Secure Modeling using SELinux Trusted Operating SystemEswar Publications
 
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Siyabonga Masuku
 
Unified Security Plugin for Opendaylight Controller
Unified Security Plugin for Opendaylight ControllerUnified Security Plugin for Opendaylight Controller
Unified Security Plugin for Opendaylight ControllerSaikat Chaudhuri
 
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...rahulmonikasharma
 
Tinysec
TinysecTinysec
TinysecDhara Ladumor
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMScscpconf
 
P01
P01P01
P01Oscar Monge-España
 
BsidesSP: Pentesting in SDN - Owning the Controllers
BsidesSP: Pentesting in SDN - Owning the ControllersBsidesSP: Pentesting in SDN - Owning the Controllers
BsidesSP: Pentesting in SDN - Owning the ControllersRoberto Soares
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214IJNSA Journal
 
Employee trust based industrial device
Employee trust based industrial deviceEmployee trust based industrial device
Employee trust based industrial deviceIJNSA Journal
 
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTEMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTIJNSA Journal
 
50120140502015
5012014050201550120140502015
50120140502015IAEME Publication
 
Paper4
Paper4Paper4
Paper4Kestone
 
Secure masid secure multi agent system for intrusion detection-2
Secure masid secure multi agent system for intrusion detection-2Secure masid secure multi agent system for intrusion detection-2
Secure masid secure multi agent system for intrusion detection-2IAEME Publication
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.comIJERD Editor
 
An explicit trust model towards better system security
An explicit trust model towards better system securityAn explicit trust model towards better system security
An explicit trust model towards better system securitycsandit
 
Enhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSEnhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSRAJESH DUVVURU
 
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...ESS BILBAO
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemCSCJournals
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET Journal
 
A holistic Control Flow Integrity
A holistic Control Flow IntegrityA holistic Control Flow Integrity
A holistic Control Flow IntegrityMohammad Golyani
 
Attacking SDN infrastructure: Are we ready for the next gen networking
Attacking SDN infrastructure: Are we ready for the next gen networkingAttacking SDN infrastructure: Are we ready for the next gen networking
Attacking SDN infrastructure: Are we ready for the next gen networkingPriyanka Aash
 
Analysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesAnalysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesShakil Ahmed
 
Ea33762765
Ea33762765Ea33762765
Ea33762765IJERA Editor
 
Effect of sub classes on the accuracy of the classified image
Effect of sub classes on the accuracy of the classified imageEffect of sub classes on the accuracy of the classified image
Effect of sub classes on the accuracy of the classified imageiaemedu
 
Design and simulation of high speed cmos
Design and simulation of high speed cmosDesign and simulation of high speed cmos
Design and simulation of high speed cmosiaemedu
 
Dc dc converter for ultracapacitor boosted electric vehicle
Dc dc converter for ultracapacitor boosted electric vehicleDc dc converter for ultracapacitor boosted electric vehicle
Dc dc converter for ultracapacitor boosted electric vehicleiaemedu
 
A computationally efficient method to find transformed residue
A computationally efficient method to find transformed residueA computationally efficient method to find transformed residue
A computationally efficient method to find transformed residueiaemedu
 

Más contenido relacionado

La actualidad más candente

BsidesSP: Pentesting in SDN - Owning the Controllers
BsidesSP: Pentesting in SDN - Owning the ControllersBsidesSP: Pentesting in SDN - Owning the Controllers
BsidesSP: Pentesting in SDN - Owning the ControllersRoberto Soares
 
Employee trust based industrial device
Employee trust based industrial deviceEmployee trust based industrial device
Employee trust based industrial deviceIJNSA Journal
 
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTEMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTIJNSA Journal
 
Secure masid secure multi agent system for intrusion detection-2
Secure masid secure multi agent system for intrusion detection-2Secure masid secure multi agent system for intrusion detection-2
Secure masid secure multi agent system for intrusion detection-2IAEME Publication
 
An explicit trust model towards better system security
An explicit trust model towards better system securityAn explicit trust model towards better system security
An explicit trust model towards better system securitycsandit
 
Enhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSEnhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSRAJESH DUVVURU
 
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...ESS BILBAO
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemCSCJournals
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET Journal
 
A holistic Control Flow Integrity
A holistic Control Flow IntegrityA holistic Control Flow Integrity
A holistic Control Flow IntegrityMohammad Golyani
 
Attacking SDN infrastructure: Are we ready for the next gen networking
Attacking SDN infrastructure: Are we ready for the next gen networkingAttacking SDN infrastructure: Are we ready for the next gen networking
Attacking SDN infrastructure: Are we ready for the next gen networkingPriyanka Aash
 
Analysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesAnalysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesShakil Ahmed
 

La actualidad más candente (18)

P01
P01P01
P01
 
BsidesSP: Pentesting in SDN - Owning the Controllers
BsidesSP: Pentesting in SDN - Owning the ControllersBsidesSP: Pentesting in SDN - Owning the Controllers
BsidesSP: Pentesting in SDN - Owning the Controllers
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214
 
Employee trust based industrial device
Employee trust based industrial deviceEmployee trust based industrial device
Employee trust based industrial device
 
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTEMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
 
50120140502015
5012014050201550120140502015
50120140502015
 
Paper4
Paper4Paper4
Paper4
 
Secure masid secure multi agent system for intrusion detection-2
Secure masid secure multi agent system for intrusion detection-2Secure masid secure multi agent system for intrusion detection-2
Secure masid secure multi agent system for intrusion detection-2
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 
An explicit trust model towards better system security
An explicit trust model towards better system securityAn explicit trust model towards better system security
An explicit trust model towards better system security
 
Enhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSEnhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPS
 
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert System
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
 
A holistic Control Flow Integrity
A holistic Control Flow IntegrityA holistic Control Flow Integrity
A holistic Control Flow Integrity
 
Attacking SDN infrastructure: Are we ready for the next gen networking
Attacking SDN infrastructure: Are we ready for the next gen networkingAttacking SDN infrastructure: Are we ready for the next gen networking
Attacking SDN infrastructure: Are we ready for the next gen networking
 
Analysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesAnalysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architectures
 
Ea33762765
Ea33762765Ea33762765
Ea33762765
 

Destacado

Effect of sub classes on the accuracy of the classified image
Effect of sub classes on the accuracy of the classified imageEffect of sub classes on the accuracy of the classified image
Effect of sub classes on the accuracy of the classified imageiaemedu
 
Design and simulation of high speed cmos
Design and simulation of high speed cmosDesign and simulation of high speed cmos
Design and simulation of high speed cmosiaemedu
 
Dc dc converter for ultracapacitor boosted electric vehicle
Dc dc converter for ultracapacitor boosted electric vehicleDc dc converter for ultracapacitor boosted electric vehicle
Dc dc converter for ultracapacitor boosted electric vehicleiaemedu
 
A computationally efficient method to find transformed residue
A computationally efficient method to find transformed residueA computationally efficient method to find transformed residue
A computationally efficient method to find transformed residueiaemedu
 
Nimble@itcecnogrid novel toolkit for computing weather
Nimble@itcecnogrid novel toolkit for computing weatherNimble@itcecnogrid novel toolkit for computing weather
Nimble@itcecnogrid novel toolkit for computing weatheriaemedu
 
Advanced agriculture system
Advanced agriculture systemAdvanced agriculture system
Advanced agriculture systemiaemedu
 
Reduced rcs uhf rfid gosper and hilbert tag antennas no restriction
Reduced rcs uhf rfid gosper and hilbert tag antennas no restrictionReduced rcs uhf rfid gosper and hilbert tag antennas no restriction
Reduced rcs uhf rfid gosper and hilbert tag antennas no restrictioniaemedu
 
Development of economized shaking platforms for seismic testing of scaled models
Development of economized shaking platforms for seismic testing of scaled modelsDevelopment of economized shaking platforms for seismic testing of scaled models
Development of economized shaking platforms for seismic testing of scaled modelsiaemedu
 
Sample size determination for classification of eeg signals using power analy...
Sample size determination for classification of eeg signals using power analy...Sample size determination for classification of eeg signals using power analy...
Sample size determination for classification of eeg signals using power analy...iaemedu
 

Destacado (9)

Effect of sub classes on the accuracy of the classified image
Effect of sub classes on the accuracy of the classified imageEffect of sub classes on the accuracy of the classified image
Effect of sub classes on the accuracy of the classified image
 
Design and simulation of high speed cmos
Design and simulation of high speed cmosDesign and simulation of high speed cmos
Design and simulation of high speed cmos
 
Dc dc converter for ultracapacitor boosted electric vehicle
Dc dc converter for ultracapacitor boosted electric vehicleDc dc converter for ultracapacitor boosted electric vehicle
Dc dc converter for ultracapacitor boosted electric vehicle
 
A computationally efficient method to find transformed residue
A computationally efficient method to find transformed residueA computationally efficient method to find transformed residue
A computationally efficient method to find transformed residue
 
Nimble@itcecnogrid novel toolkit for computing weather
Nimble@itcecnogrid novel toolkit for computing weatherNimble@itcecnogrid novel toolkit for computing weather
Nimble@itcecnogrid novel toolkit for computing weather
 
Advanced agriculture system
Advanced agriculture systemAdvanced agriculture system
Advanced agriculture system
 
Reduced rcs uhf rfid gosper and hilbert tag antennas no restriction
Reduced rcs uhf rfid gosper and hilbert tag antennas no restrictionReduced rcs uhf rfid gosper and hilbert tag antennas no restriction
Reduced rcs uhf rfid gosper and hilbert tag antennas no restriction
 
Development of economized shaking platforms for seismic testing of scaled models
Development of economized shaking platforms for seismic testing of scaled modelsDevelopment of economized shaking platforms for seismic testing of scaled models
Development of economized shaking platforms for seismic testing of scaled models
 
Sample size determination for classification of eeg signals using power analy...
Sample size determination for classification of eeg signals using power analy...Sample size determination for classification of eeg signals using power analy...
Sample size determination for classification of eeg signals using power analy...
 

Similar a Process behaviour modelling using lsm

2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security OverviewShawn Wells
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of SystemsJamal Jamali
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Processphanleson
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
LCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlLCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlKohei KaiGai
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Alexander Decker
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Alexander Decker
 
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMIJNSA Journal
 
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...IRJET Journal
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3Diane Allen
 
IRJET- Secure Data Protection in Cloud Computing
IRJET- Secure Data Protection in Cloud ComputingIRJET- Secure Data Protection in Cloud Computing
IRJET- Secure Data Protection in Cloud ComputingIRJET Journal
 
Object Oriented Programming
Object Oriented ProgrammingObject Oriented Programming
Object Oriented ProgrammingPatricia Viljoen
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed informationiaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 

Similar a Process behaviour modelling using lsm (20)

2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of Systems
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation
 
LCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlLCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsql
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
 
PPT_Compiled
PPT_CompiledPPT_Compiled
PPT_Compiled
 
Security Center.pdf
Security Center.pdfSecurity Center.pdf
Security Center.pdf
 
9.system analysis
9.system analysis9.system analysis
9.system analysis
 
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
 
IRJET- Secure Data Protection in Cloud Computing
IRJET- Secure Data Protection in Cloud ComputingIRJET- Secure Data Protection in Cloud Computing
IRJET- Secure Data Protection in Cloud Computing
 
Object Oriented Programming
Object Oriented ProgrammingObject Oriented Programming
Object Oriented Programming
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed information
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 

Más de iaemedu

Tech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech inTech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech iniaemedu
 
Integration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniquesIntegration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniquesiaemedu
 
Effective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using gridEffective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using gridiaemedu
 
Effect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routingEffect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routingiaemedu
 
Adaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow applicationAdaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow applicationiaemedu
 
Survey on transaction reordering
Survey on transaction reorderingSurvey on transaction reordering
Survey on transaction reorderingiaemedu
 
Semantic web services and its challenges
Semantic web services and its challengesSemantic web services and its challenges
Semantic web services and its challengesiaemedu
 
Website based patent information searching mechanism
Website based patent information searching mechanismWebsite based patent information searching mechanism
Website based patent information searching mechanismiaemedu
 
Revisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modificationRevisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modificationiaemedu
 
Prediction of customer behavior using cma
Prediction of customer behavior using cmaPrediction of customer behavior using cma
Prediction of customer behavior using cmaiaemedu
 
Performance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presencePerformance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presenceiaemedu
 
Performance measurement of different requirements engineering
Performance measurement of different requirements engineeringPerformance measurement of different requirements engineering
Performance measurement of different requirements engineeringiaemedu
 
Mobile safety systems for automobiles
Mobile safety systems for automobilesMobile safety systems for automobiles
Mobile safety systems for automobilesiaemedu
 
Efficient text compression using special character replacement
Efficient text compression using special character replacementEfficient text compression using special character replacement
Efficient text compression using special character replacementiaemedu
 
Agile programming a new approach
Agile programming a new approachAgile programming a new approach
Agile programming a new approachiaemedu
 
Adaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environmentAdaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environmentiaemedu
 
A survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow applicationA survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow applicationiaemedu
 
A survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networksA survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networksiaemedu
 
A novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classifyA novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classifyiaemedu
 
A self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imageryA self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imageryiaemedu
 

Más de iaemedu (20)

Tech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech inTech transfer making it as a risk free approach in pharmaceutical and biotech in
Tech transfer making it as a risk free approach in pharmaceutical and biotech in
 
Integration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniquesIntegration of feature sets with machine learning techniques
Integration of feature sets with machine learning techniques
 
Effective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using gridEffective broadcasting in mobile ad hoc networks using grid
Effective broadcasting in mobile ad hoc networks using grid
 
Effect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routingEffect of scenario environment on the performance of mane ts routing
Effect of scenario environment on the performance of mane ts routing
 
Adaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow applicationAdaptive job scheduling with load balancing for workflow application
Adaptive job scheduling with load balancing for workflow application
 
Survey on transaction reordering
Survey on transaction reorderingSurvey on transaction reordering
Survey on transaction reordering
 
Semantic web services and its challenges
Semantic web services and its challengesSemantic web services and its challenges
Semantic web services and its challenges
 
Website based patent information searching mechanism
Website based patent information searching mechanismWebsite based patent information searching mechanism
Website based patent information searching mechanism
 
Revisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modificationRevisiting the experiment on detecting of replay and message modification
Revisiting the experiment on detecting of replay and message modification
 
Prediction of customer behavior using cma
Prediction of customer behavior using cmaPrediction of customer behavior using cma
Prediction of customer behavior using cma
 
Performance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presencePerformance analysis of manet routing protocol in presence
Performance analysis of manet routing protocol in presence
 
Performance measurement of different requirements engineering
Performance measurement of different requirements engineeringPerformance measurement of different requirements engineering
Performance measurement of different requirements engineering
 
Mobile safety systems for automobiles
Mobile safety systems for automobilesMobile safety systems for automobiles
Mobile safety systems for automobiles
 
Efficient text compression using special character replacement
Efficient text compression using special character replacementEfficient text compression using special character replacement
Efficient text compression using special character replacement
 
Agile programming a new approach
Agile programming a new approachAgile programming a new approach
Agile programming a new approach
 
Adaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environmentAdaptive load balancing techniques in global scale grid environment
Adaptive load balancing techniques in global scale grid environment
 
A survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow applicationA survey on the performance of job scheduling in workflow application
A survey on the performance of job scheduling in workflow application
 
A survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networksA survey of mitigating routing misbehavior in mobile ad hoc networks
A survey of mitigating routing misbehavior in mobile ad hoc networks
 
A novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classifyA novel approach for satellite imagery storage by classify
A novel approach for satellite imagery storage by classify
 
A self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imageryA self recovery approach using halftone images for medical imagery
A self recovery approach using halftone images for medical imagery
 

Process behaviour modelling using lsm

  • 1. INTERNATIONALComputer Volume OF COMPUTER ENGINEERING – International Journal of JOURNAL 3, Issueand Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 – 6375(Online) Engineering 3, October-December (2012), © IAEME & TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 3, Issue 3, October - December (2012), pp. 369-376 IJCET © IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2012): 3.9580 (Calculated by GISI) ©IAEME www.jifactor.com PROCESS BEHAVIOUR MODELLING USING LSM S. Ravi Sankar1, Y. Swapna2 1 (Faculty, CSE Department, National Institute of Technology, Goa, India, srs@nitgoa.ac.in) 2 (Faculty, CSE Department, National Institute of Technology, Goa, India, spr@nitgoa.ac.in) ABSTRACT Computer security is a chronic and growing problem, even for Linux, as evidenced by the seemingly endless stream of software security vulnerabilities. Security research has produced numerous access control mechanisms that help improve system security; however, there is little consensus on the best solution. Because of this lack of consensus, there are many patches to the Linux kernel that provide enhanced access controls but none of them are a standard part of the Linux kernel. The Linux Security Modules (LSM) seeks to solve this by providing a general purpose framework for security policy modules. This allows many different access control models to be implemented as loadable kernel modules. Just before the kernel would access the internal object, an LSM hook makes an out-call to the module posing the question “Is this access ok with you?” The module processes this policy question and returns either “yes” or “no.” In this paper we are modeling process behaviour using LSM, a brief overview of existing security modules. The behaviour of process is checked with LSM Hooks and functions, right before kernel tries to access/take up the task. If it matches the expected operation, then it returns success and task will be continued. If an error value is returned, the task will not start. Keywords: Security, LSM, SELinux, LSM Hook 1. INTRODUCTION Security is a chronic and growing problem, as more systems (and more money) go on line, the motivation to attack rises. Linux is not immune to this threat, Linux systems do experience a large number of software vulnerabilities. At the 2001 Linux Kernel Summit, NSA developers presented their work on Security-Enhanced Linux (SELinux) [3] and emphasized the need for enhanced security support in the main Linux kernel. In the ensuing discussion, a consensus was reached that a general access-control framework for the Linux kernel was needed. This approach would allow different security models to work without modifying the main kernel code. 369
  • 2. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Out of this discussion grew the Linux Security Module (LSM) Project [6, 4, 7]. A number of developers worked together to create a framework of kernel hooks that would allow many security models to work as loadable kernel modules. This allows many different access control models to be implemented as loadable kernel modules, enabling multiple threads of security policy engine development to proceed independently of the main Linux kernel. A number of existing enhanced access control implementations, including POSIX.1e capabilities [5], SELinux [3], Domain and Type Enforcement (DTE)[1] and Linux Intrusion Detection System (LIDS)[9] have already been adapted to use the LSM framework. During the 2002 Linux Kernel Summit, the technical description of the project was presented, and the first portion of the LSM framework appeared in the 2.5.29 kernel release. Further kernel releases contained more portions of the LSM framework. 2. RELATED WORK This section provides an overview of the Linux Security Modules (LSM) framework. The LSM framework adds security fields to kernel data structures and inserts calls to hook functions at critical points in the kernel code to manage the security fields and to perform access control. It also adds functions for registering and unregistering security modules. Extended attribute handlers for a new security namespace were added to file systems to support new file security attributes, and a /proc/pid/attr subdirectory was introduced to provide user space access to new process security attributes. The LSM security fields are simply void* pointers. For process and program execution security information, security fields were added to struct task_struct and struct linux_binprm. For file system security information, a security field was added to struct super_block [2]. Each LSM hook is a function pointer in a global table, security_ops. This table is a security_operations structure as defined by include/linux/security.h. Detailed documentation for each hook is included in this header file. The hooks are grouped into logical sets based on the kernel object (e.g. task, inode, file, sock, etc) as well as some miscellaneous hooks for system operations[4]. A register_security function (in security/security.c) is provided to allow a security module to set security_ops to refer to its own hook functions, and an unregister_security function is provided to revert security_ops to the dummy module hooks[2]. Most of its functionality can now be implemented using the extended attribute support and /proc/pid/attrinterface, as mentioned above. 2.1. LSM Architecture This section provides an overview of the SELinux security module internal architecture as shown in the fig.1. The module code is located within the security/SELinux subdirectory of the kernel tree. The security server provides general interfaces for obtaining security policy decisions, enabling the rest of the module to remain independent of the specific security policies used. These interfaces are defined in the include/security.h header file under the SELinux module directory. 370
  • 3. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Fig.1: LSM Architecture Having discussed the high-level design philosophies of LSM we now turn to the implementation of the LSM interface. At the core, the LSM interface is a large table of functions, which by default are populated with calls that implement the traditional super user Discretionary Access Control (DAC) policy. The module writer is then responsible for providing implementations of the functions that they care about. In [8], the different types of hooks which LSM provides have been explained. 3. METHODOLOGY One of the most interesting applications of LSM appears when process permissions are based on the process behaviour profile. In this paper we are modelling the behaviour of a process using LSM. For this, in order to implement the LSM module and use the security structure, we have to disable the NSA security flag after the kernel is compiled and configuring the modules. By this we can implement our own security Module with the help of the structure Linux security plug-in located in /usr /src /linux-2.6...... /include /linux /security.h. At first we insert a module to the kernel which checks the file permissions and the behaviour of the user application or process with a demon which holds the execution behaviour of that particular process. The module consists of the struct security_operations structure which checks the file permissions and socket operation of our particular application. File permission function detects our present running application and traces the behaviour like open, read etc. System calls which will be checked with the demon continually and the status is returned to the module for every system call. If the call is matched demon will return yes to continue the process and keeps on checking remaining calls. Suppose the call is not matched with the one in demon it returns NO to the module and informs there is some deviation or abnormal behaviour of process, immediately the module will terminate the process from executing. In order to show the process behaviour we used the open system calls and a socket to model it. Here we treat socket call as abnormal behaviour, as in most cases malfunctioning processes try to communicate, and terminate the process whenever this call is made. Remaining for the open calls the process should run normally and module allows it execute. 371
  • 4. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME The user application or the process which we are modelling first opens a file, create a socket, then close the file and socket. The demon consists of a while loop which continually checks the calls which are sent by module and returns the status accordingly. This function is called whenever the kernel wants to determine if a specific file can be accessed at this moment in time. A security module can look at the file, check whether the current user has proper authority and possibly refuse to grant it. int f_socket(int family, int type, int protocol, int kern) { if( strcmp(current->comm,"app")==0 ) { printk(KERN_ALERT"in socket create function after strcmpn"); strcpy(kbuf,"socket"); up(&semr); down_interruptible(&semw); if(status=='n') { printk("process behaviour is suspicious , will be abortedn"); return -1; } } return 0; } Fig.2: Flow chart of Process Behaviour Modelling 372
  • 5. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME 4. IMPLEMENTATION An implementation of flexible access control architecture in the Linux kernel has been developed. It is useful and effective for developing Linux security enhancements. int reg,ureg; int f_per (struct file *file,int mask); int f_ioctl (struct file * file, unsigned int cmd,unsigned long arg); //extern int register_security (struct security_operations *ops); //extern int unregister_security (struct security_operations *ops); //int char_ioctl(struct inode *, struct file *, unsigned int, unsigned long); //int (*file_ioctl) (struct file * file, unsigned int cmd,unsigned long arg): struct security_operations secop= { .file_permission = f_per, .file_ioctl = f_ioctl, }; int init_module(void) { printk(KERN_ALERT"in init functionn"); reg = register_security(&secop); if(reg!=0) { printk(KERN_ALERT"register security failedn"); return -1; } return 0; } void cleanup_module(void) { printk(KERN_ALERT"in exit functionn"); ureg=unregister_security(&secop); if(ureg!=0) { printk(KERN_ALERT"unregister security failedn"); } } int f_per (struct file *file,int mask) { if( strcmp(current->comm,"app")==0 ) { printk(KERN_ALERT"in file permission function after strcmpn"); printk(KERN_ALERT"path =%sn",file->f_dentry->d_iname); } return 0; } int f_ioctl(struct file * file, unsigned int cmd,unsigned long arg) 373
  • 6. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME { int number=10,ret; if( strcmp(current->comm,"app")==0 ) { switch(cmd) { case readioctl: ret=copy_to_user((int *)arg,&number,sizeof(number)); if(ret!=0) { printk("no of bytes not copied is %dn",ret); } printk("the number sent to demon is %d n",number); break; default: printk("invalid choice n"); } } return 0; } 5. RESULTS Experiments were conducted to test and evaluate the effectiveness of the proposed approach to provide security. This section presents and details the experiments undertaken and the results achieved. Fig. 3: Inserting LSM Module Fig.4: Running Daemon Process 374
  • 7. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Fig.5: Running Application Fig.6: Status Info from Daemon to LSM Module Fig. 7: Intercepting System calls to monitor process behavior In the above fig.3, using insmod command LSM module has been added to the kernel. Before adding LSM module, we have to disable the NSA security flag after the kernel is compiled and configuring the modules. By this we can implement our own security Module with the help of the structure Linux security plug-in located in /usr /src /linux-2.6...... /include /linux /security.h. 375
  • 8. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Now the inserted module to the kernel checks the file permissions and the behaviour of the user application (fig.5) with a demon process (fig.4) which holds the execution behaviour of that particular process. File permission function detects our present running application and traces the behaviour like open, read etc. System calls which will be checked with the demon continually and the status is returned to the module for every system call as shown in the fig. 6 and 7.If the process is suspicious then terminate it from running state or else continue the process execution. 6. CONCLUSION There are probably other methods of taking an existing running program and spawning a root process that this module does not catch. The proposed approach would be useful for researchers in this area. Anybody who depends on a Linux security module (such as SELinux) is depending on comprehensive checking within the kernel. Some work in this area could do a lot to increase the level of trust which can be placed in LSM-based modules. The implemented LSM meets these criteria. The patch is relatively small, and the performance data in shows that the LSM patch imposes nearly zero overhead. The broad suite of security products from around the world that have been implemented for LSM shows that the LSM API is useful and effective for developing Linux security enhancements. REFERENCES [1] Serge Hallyn and Phil Kearns. Domain and Type Enforcement for Linux. In Proceedings of the 4th Annual Linux Showcase and Conference, October 2000. [2] Stephen Smalley, Wayne Salamon, and Chris Vance. Implementing SELinux as a Linux Security Module. http://www.nsa.gov, December 2001. [3] Peter Loscocco and Stephen Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX ’01), June 2001. [4] Stephen Smalley, Timothy Fraser, and Chris Vance. Linux Security Modules: General Security Hooks for Linux. http://lsm.immunix.org/, September 2001. [5] Winfried Trumper. Summary about POSIX.1e. http://wt.xpilot.org/publications/posix.1e, July 1999. [6] WireX Communications. Linux Security Module. http://lsm.immunix.org/, April 2001. [7] Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Linux Security Modules: General Security Support for the Linux Kernel. In USENIX Security Symposium, San Francisco, CA, August 2002. [8] Chris Wright and Crispin Cowan, Stephen Smalley, James Morris and Greg Kroah-Hartman, Linux Security Module Framework DARPA 2002 . [9] Linux Intrusion Detection System. World-wide web page available at http://www.lids.org. 376