
A Mechanism To Enhance SELinux Security By Integrating Intrusion Detection

Posted on: 2016-10-30
Degree: Master
Type: Thesis
Country: China
Candidate: X Yuan
GTID: 2348330488474025
Subject: Computer system architecture
Abstract/Summary:
The challenge of information security has grown along with the rapid informatization of society. Access control and intrusion detection are two key technologies in this field, and the two are inherently connected. Today, however, they are implemented separately and cannot work in coordination, which reduces system security. It is therefore necessary to integrate access control and intrusion detection to enhance system security.

SELinux is a mandatory access control system developed by the National Security Agency, known as the most outstanding mandatory access control system in the history of Linux. It uses the type enforcement model, adopts the Flask architecture and utilizes the Linux Security Module framework, providing great flexibility and adaptability. This paper proposes a security enhancement mechanism based on SELinux that integrates access control and intrusion detection, together with an intrusion detection mechanism based on a dual-level Markov chain and triggered by critical system calls. A critical system call is a system call that poses a great threat to the whole system.

First, access control systems and intrusion detection technology are studied and their existing problems are analyzed, which shows that it is necessary to integrate access control and intrusion detection. Next, the access control system of SELinux is discussed in depth, and it is found that combining the access control system with intrusion detection technology is feasible in SELinux. After an in-depth analysis of access control, intrusion detection and the SELinux access control system, this paper puts forward an intrusion detection mechanism based on a dual-level Markov chain and triggered by critical system calls. Moreover, the organic combination of access control and the Linux Security Module framework can improve system security.

In this part, the paper first describes the mechanism's implementation framework and detection algorithm in detail, then verifies and analyzes the security mechanism by experiment to prove its validity. Finally, the advantages and disadvantages of the mechanism are discussed.

Theoretical analysis and experimental results show that the proposed mechanism is able to integrate access control and intrusion detection effectively and achieves favorable intrusion detection efficiency, thus enhancing system security.
Keywords/Search Tags: access control, intrusion detection, SELinux, Markov chain, system call