Linux Security Modules

Linux Security Modules (LSM) is a

TOMOYO Linux

are the currently approved security modules in the official kernel.

Design

LSM was designed in order to answer all the requirements for successfully implementing a

TOCTTOU (race) attacks. Instead, LSM inserts "hooks

" (upcalls to the module) at every point in the kernel where a user-level system-call is about to result with an access to an important internal kernel-object like inodes and task control blocks.

LSM is narrowly scoped to solve the problem of

Operating system-level virtualization

.

LSM's access-control goal is very closely related to the problem of system auditing, but is subtly different. Auditing requires that every attempt at access be recorded. LSM cannot deliver this, because it would require a great many more hooks, in order to detect cases where the kernel "short circuits" failing system-calls and returns an error code before getting near significant objects.

The LSM design is described in the paper Linux Security Modules: General Security Support for the Linux Kernel^[1] presented at USENIX Security 2002.^[2] At the same conference was the paper Using CQUAL for Static Analysis of Authorization Hook Placement^[3] which studied automatic static analysis of the kernel code to verify that all of the necessary hooks have actually been inserted into the Linux kernel.

Adoption

AppArmor
SELinux
Smack
TOMOYO
Landlock^[4]

History

At the 2001 Linux Kernel Summit, the NSA proposed that SELinux be included in Linux 2.5.^[5] Linus Torvalds rejected SELinux at that time, because he observed that there are many different security projects in development, and since they all differ, the security community has not yet formed consensus on the ultimate security model. Instead, Linus charged the security community to "make it a module".

In response,

NSA, McAfee, IBM, Silicon Graphics

, and many independent contributors. LSM was ultimately accepted into the Linux kernel mainstream and was included as a standard part of Linux 2.6 in December 2003.

In 2006, some kernel developers observed that SELinux was the only widely used LSM module included in the mainstream Linux kernel source tree. If there is to be only one widely used LSM module, it was reasoned, then the indirection of LSM is unnecessary, and LSM should be removed and replaced with SELinux itself. However, there are other LSM modules maintained outside of the mainstream kernel tree (

Kernel Summit

, Linus once again asserted that LSM would stay because he does not want to arbitrate which is the best security model.

LSM is likely to remain since additional security modules

TOMOYO Linux (version 2.6.30, June 2009) and AppArmor

(version 2.6.36) were accepted in the mainline kernel.

References

^ "Linux Security Modules: General Security Support for the Linux Kernel". 2002. Retrieved 2007-02-03.
^ "11th USENIX Security Symposium". 2002. Retrieved 2007-02-03.
^ "Using CQUAL for Static Analysis of Authorization Hook Placement". 2002. Retrieved 2007-02-03.
^ Landlock: unprivileged access control
^ Stephen Smalley; Timothy Fraser; Chris Vance. "Linux Security Modules: General Security Hooks for Linux". Retrieved 2015-10-26.
^ Crispin Cowan (2001-04-11). "Linux Security Module Interface". linux-kernel mailing list. Retrieved 2007-02-03.

External links

"Source code and project statistics". Archived from the original on 2005-03-07. Retrieved 2006-02-08.
SysAdmin magazine article on BSD Secure Levels
Security Projects based on the Linux kernel

[1] "Linux Security Modules: General Security Support for the Linux Kernel". 2002. Retrieved 2007-02-03.

[2] "11th USENIX Security Symposium". 2002. Retrieved 2007-02-03.

[3] "Using CQUAL for Static Analysis of Authorization Hook Placement". 2002. Retrieved 2007-02-03.

[4] Landlock: unprivileged access control

[5] Stephen Smalley; Timothy Fraser; Chris Vance. "Linux Security Modules: General Security Hooks for Linux". Retrieved 2015-10-26.

[6] Crispin Cowan (2001-04-11). "Linux Security Module Interface". linux-kernel mailing list. Retrieved 2007-02-03.

[1]

[2]

[3]

[4]

[5]

v t e Linux
Linux kernel	History Linus's law Linux-libre Booting process Kernel oops Tux more…
Controversies	Criticism of Linux Criticism of desktop Linux GNU/Linux naming controversy Tanenbaum–Torvalds debate SCO and Linux
Distributions	General comparison Distributions list Netbook-specific comparison Distributions that run from RAM Lightweight Security-focused operating system Package manager Package format List of software package managers
Organizations	LinuxChix Linux Counter Linux Documentation Project Linux Foundation Linux Mark Institute Linux User Group (LUG)
Adoption	Adopters Desktop Embedded Gaming Mobile Range of use Linux malware
Media	DistroWatch Free Software Magazine Full Circle Linux.com Linux Format Linux Gazette Linux Journal Linux Magazine LinuxUser Ubuntu User Linux Outlaws Linux Voice LugRadio LWN.net Phoronix Revolution OS The Code
Professional related certifications	CompTIA Linux+ Linux Foundation Red Hat Ubuntu
Linux portal Free and open-source software portal Category