Abstract
It’s very important to study security mechanisms inside an operating system, among which access control mechanisms are indispensable for system security. Nowadays, Linux is becoming more and more popular for its excellent performance and open source philosophy. Meanwhile, access control mechanisms of Linux have been improved ceaselessly to satisfy arisen security requirements. For instance, SELinux is integrated into Linux kernel 2.6 and it can enforce a policy based on mandatory access control (MAC). However, there are still some defects in these mechanisms. In this paper, available Linux access control mechanisms are analyzed at first, while permission division principle is summarized. Then a SELinux-like MAC mechanism characteristic of cross-layered permission assignment is devised based on some popular information security models such as RBAC, DTE and etc. And a corresponding prototype system is implemented based on Linux. Finally, some preliminary test results are analyzed and further research directions are pointed out.
The research presented in this paper was performed with the support of Beijing Jiaotong University Grants for 2005SM016.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Zhai, G., Zeng, J., Ma, M., Zhang, L.: Implementation and Automatic Testing for Security Enhancement of Linux Based on Least Privilege. In: Proceedings of the 2nd International Conference on Information Security and Assurance (ISA 2008), pp. 181–186. IEEE Computer Society, Los Alamitos (2008)
Linux Introduction and POSIX Permissions and Commands, http://www.networkingprogramming.com/1024x768/linux1.html
Tu, W., Guan, H., Bai, Y.: Enhancing Access Control Function in Linux File System. Computer Applications and Software 23(2), 117–118, 119 (2006) (in Chinese)
Bacarella, M.: Taking Advantage of Linux Capabilities. Linux Journal 2002(97) (2002)
Access Control Lists in Linux, http://www.suse.de/~agruen/acl/chapter/fs_acl-en.pdf
Smalley, S., Vance, C., Salamon, W.: Implementing SELinux as a Linux Security Module, NAI Labs Report #01-043 (February 2006)
Zanin, G.: Towards a formal model for security policies specification and validation in the SELinux system. In: Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies (SACMAT 2004), pp. 136–145. ACM Press, New York (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhai, G., Li, Y. (2009). Study and Implementation of SELinux-Like Access Control Mechanism Based on Linux. In: Kim, Hk., Kim, Th., Kiumi, A. (eds) Advances in Security Technology. SecTech 2008. Communications in Computer and Information Science, vol 29. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10240-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-10240-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10239-4
Online ISBN: 978-3-642-10240-0
eBook Packages: Computer ScienceComputer Science (R0)