Linux Based Access Control USB Storage Devices Mechanism

With USB storage technology developed rapidly, USB storage devices are becoming more and more popular, and they bring a great convenience into the life of people. With great convenience, USB storage technology also brings great hidden trouble to the enterprise information security. Aim at current situation, this paper proposes a new data leakage protection system in the technology level to prevent data leakage which is brought by USB storage devices.In this paper, based on a deep analyze of the threat of data leakage caused by USB storage devices, we establish a threat analysis model DL-TAM for USB storage devices. And then, to against data leakage cause by USB storage devices, we propose corresponding protection strategy based on DL-TAM, and we also realize a set of defense system based on the strategy.According to the characteristic of data leakage caused by USB storage devices, the defense system we mentioned above adopts a data leakage protection strategy. The strategy uses access control before event, behavior monitor during event, log track after event to prevent the data leakage event. The defense system can be divided into two parts which are USB storage devices access control and USB storage devices behavioral data acquisition.In the aspect of access control for USB storage devices, we propose an access control technology based on the framework LSM. By using the hook that LSM framework placed in the kernel of Linux, intercept operations including mount, read, write, run and unmount, realize access control to these USB storage devices. This kind of access control technology for USB storage devices uses access control framework for Linux kernel resources, realize access control to USB storage devices. This technology compares with traditional access control technology for USB storage devices, has some merits like loaded with kernel, easy to implement and so on.In the aspect of behavioral data acquisition for USB storage devices, we also propose a behavior acquisition mechanism for USB storage devices based on LSM framework. Traditional access control for Linux and behavior records are belonging to two different systems. Based on this, access control and behavior record to a same operation may process intercept operation twice. Using this behavior acquisition technology to optimize process audit mechanism used in Linux, access control and behavior record are put into a same architecture, and this saves intercept operation once. System resource is saved effectively, and the efficiency of the system is improved.At last, this paper realizes the defense system of protection for data leakage caused by USB storage devices, and evaluates the system's function and performance. From the evaluation, it turns out that the defense system can implement access control and behavior record to USB storage devices successfully. Besides, this system's influence of Linux file system is very small.