Linux System Security Research

This paper is on study of the security of Linux.As the modern operation system ,Linux can be seen in every aspects .Linux does a good job in Server and embedded system,even in the desktop system,it gets more popular.And this is why people pay much attention to the security of Linux.This paper first analyses the relationship between LINUX and the other operation systems such as UNIX and WINDOWS. Linux is a Unix-like system,though it is compatible with UNIX,it has its own features. The difference between Linux and WINDOWS can be seen in the system architecture of the kernel.And then analyse the buffer overflow in Linux based on the DAC with the kernel sourcecode.The reason why the set_uid programs become the main threat to Linux is that the attack of it can make the attacker become the root user. Furthermore, this paper describes the principle of LSM(LINUX security module) which provides a platform for the security modules. At last jthis paper would design and program a security module with the MAC within the LSM framework.In LINUX, each entity would have a label which is used by the judge of mandatory access control.In the procedure of the module's designing,this paper uses the concept of the least privilege and the role-based access control to design the label.So the module can lessen the influence of the buffer-overflow attacks while enhances the security of the system.