Runtime Loadable Modulized Secure Linux Kernel

Posted on: 2004-11-27
Degree: Master
Type: Thesis
Country: China
Candidate: T Wang
GTID: 2168360095956172
Subject: Computer application technology

Abstract/Summary:
Based on various research results and practical experience, this paper presents a new design model for building a modularized secure OS kernel that is loadable from the application level. A project named KNumen has been developed to realize this model on Linux. Practical experience shows that KNumen is simple, strong, configurable and portable, and at the same time easy to use and maintain. In particular, users are required to authenticate with a digital certificate. The security administrator can combine security modules flexibly according to practical security requirements, and can administer the system remotely through graphical interfaces.

Compact in its architecture, KNumen is divided into three main parts: Enforcement, Decision and the Security Policy Database. The Enforcement facilities intercept system calls from application programs, transform them into decision requests and enforce the decision results. The kernel mechanisms that make the system runtime-loadable and modularized are built mainly on the callback function interfaces provided by the Decision facility, and the various security policies are implemented inside the security modules. The Security Policy Database is where security policies are stored, independent of any underlying file system.

To improve system performance, a general cache that preserves access control information is built upon split trees inside the secure kernel. It has been proved that the use of the cache can effectively overcome the performance deficiencies. Furthermore, the authentication mechanism based on digital certificates strengthens the security and reliability of the whole system. Users have their own public and private keys. They can authenticate and log in remotely using certificate files, then build up a trusted and secure network connection to the target machine.

The security modules implemented in KNumen include well-known ones, such as the MAC, ACL and Audit modules, as well as specially designed ones, such as the Important Process Protection and Trusted Program Authorization modules. The security modules that could potentially be implemented are far more numerous than these. Many problems remain to be solved and the whole system still needs to be optimized; this work is left for the future.

The idea put forward by this paper is intended to open a new approach to building secure OS kernels. The effectiveness of this approach is proved by practical systems, making it solid ground for future research and development in this direction.
Keywords/Search Tags:Secure Kernel, Secure Modules, Runtime Loadable, Electronic Certificate, Generalized Cache