
Study of LKM Security Analysis and Improvement Under Linux

Posted on: 2009-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: X H Geng
Full Text: PDF
GTID: 2208360245461091
Subject: Information and Communication Engineering
Abstract/Summary:
In recent years, the Linux operating system has developed very rapidly because of the outstanding performance, stability, flexibility and extensibility that its open-source nature brings. More and more commercial products are adopting Linux as their software platform.

To address the limited extensibility of a monolithic kernel, Linux introduced loadable kernel modules (LKMs), which make the kernel more modular. However, Linux does not deal with LKM security thoroughly. Even in version 2.6, the kernel still has no special interfaces reserved for security modules, which results in many security problems. Attacks that run in the kernel by means of LKMs have long been one of the most active areas of attack. Although LKMs extend the kernel and run inside it, their security mechanism has received little emphasis. As a result, simple detection tools are not compatible with Linux, their extensibility is poor, and they cannot use the behavioral characteristics of LKM loading to detect and block malicious modules.

Because LKM security is so important to the Linux kernel, this thesis takes into account the new security features of the latest Linux version, analyzes LKM-based attack methods, summarizes the security characteristics of LKMs, draws on the latest results in secure operating systems, and proposes a plan for improving LKM security. The main work includes:

1. Analyze and summarize the special operations involved in LKM-based attacks;
2. Implement LKM-based attack methods, for example hijacking of system calls and the IDT, LKM injection and module hiding, and give the corresponding solutions in kernel version 2.6;
3. Summarize the limitations and key problems of LKM;
4. Analyze the LSM framework and the effect of SELinux on LKM;
5. Summarize the limitations of LSM security modules and give an improvement plan for LSM based on SELinux;
6. Implement the plan for solving the LKM security problem.

In conclusion, the LKM security material analyzed and summarized in this thesis provides useful information for LKM detection and recovery. At the same time, the improvement plan gives an effective and extensible solution for LKM security and leaves a good framework for subsequent research.
Keywords/Search Tags:LKM, attack using LKM, LSM, SELinux, improving plan of LKM's security