Advertisement

A Comparison Between ConSA and Current Linux Security Implementations

  • Alexandre Hardy
  • Martin S. Olivier
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 87)

Abstract

There are many extensions to the Linux security model that are available. ConSA [1] aims to provide a configurable architecture, and should allow many security systems to be implemented. A prototype ConSA system has been implemented in Linux. This paper will examine how ConSA relates to currently available Linux security extensions.

Keywords

Access Control Security Security Model 

References

  1. [1]
    M. S. Olivier, Towards a Configurable Security Architecture, Data and Knowledge Engineering, To appear.Google Scholar
  2. [2]
    D. E. Bell and L. J. LaPadula, “Secure computer system: unified exposition and Multics interpretation”, Rep. ESD-TR-75–306, March 1976, MITRE CorporationCrossRefGoogle Scholar
  3. [3]
    The Linux-PAM System Administrators’ Guide, Andrew G. Morgan, 1998Google Scholar
  4. [4]
    Inside Unix, Chris Hare, Emmett Dunlaney, George Eckel, Steven Lee, Lee Ray, New Riders Publishing, 1994Google Scholar
  5. [5]
    The Linux Kernel book, Remy Card, Eric Dumas, Frank Mevel, Wiley, 1997Google Scholar
  6. [6]
    Confining Root Programs with Domain and Type Enforcement, USENIX UNIX Security Symposium, 1996Google Scholar
  7. [7]
    Practical Domain and Type Enforcement for UNIX, L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, S. A. Haghighat, IEEE Symposium on Security and Privacy, 1995Google Scholar
  8. [8]
    A Domain and Type Enforcement UNIX Prototype, IEEE Symposium on Security and Privacy, 5th USENIX UNIX Security SymposiumGoogle Scholar
  9. [9]
    Controlling Network Communication with Domain and Type Enforcement, L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, S. A. Haghighat, S. L. Murphy, Proceedings of the 1995 National Information Systems Security conference.Google Scholar
  10. [10]
    The Controlled Application Set Paradigm for Trusted Systems, D. F. Sterne, Glenn S. Benson, Proceedings of the 1995 National Information Systems Security conference.Google Scholar
  11. [11]
    Rule Set Based Access Control as proposed in the ‘Generalized Framework for Access Control’, Amon Ott, Masters Thesis, 1997Google Scholar
  12. [12]
    From a Formal Privacy Model to its Implementation, Simone Fischer-Hübner, Amon Ott, National Information Systems Security Conference, 1998Google Scholar
  13. [13]
    Design Specification: An Implementation of Access Control Lists for Linux, http://students.dwc.edu/frival/acl/acldesign.htmlGoogle Scholar
  14. [14]
    The Linux Trustees Project, http://www.braysystems.com/linux/trustees.htmlGoogle Scholar
  15. [15]
    Group ACL for ext2 in LiVE, http://aerobee.informatik.uni-bremen.de/acLeng.htmlGoogle Scholar
  16. [16]
    LOMAC - Low Water-Mark Mandatory Access Control User’s Manual v0.2, Tim Fraser, NAI Labs, 1999Google Scholar
  17. [17]
    The Single UNIXR Specification, Version 2, The Open Group, 1997, www.opengroup.orgGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2002

Authors and Affiliations

  • Alexandre Hardy
    • 1
  • Martin S. Olivier
    • 1
  1. 1.Computer ScienceRand Afrikaans UniversityJohannesburgSouth Africa

Personalised recommendations