| With the excellent features of performance, stability, flexibility, expansibility and low cost, Linux has been wildly used in the computer industry. But in the area of security, Linux kernel only provide the classic access control of UNIX and the capabilities mechanism of POSIX.1e, which blocks development and application of Linux. As to this problem, this paper discusses the security of Linux, especially the access control of file system.Linux Security Module (LSM) provides a flexible and general framework for the enhanced access control in the kernel. It modifies the Linux kernel from five main areas. It doesn't provide any security policy itself, But it provides a general security system to security module which will realize the security policy. Firstly this paper gives an introduction about the importance of the security of operating system, and presents the current threats of operating system and research situation on this area. Then it discusses the LSM from generation of LSM, thinking of design and realization. LIDS improves the security of Linux from the thinking of Loadable Kernel Module (LKM), it subdivides the access control granularity of Linux, limits the super user's priority. Linux Intrusion Detction System (LIDS) provides Linux with secure mechanism for access control. Finally, a detailed analysis of LIDS found deficiencies in its design function. To further refinement LIDS granularity of access control, in the original design improvement strategies based on the time and based on user ID, group ID were give out, and a specific design method is provided. |
PDF Full Text Request