Generally, Linux provides user-level security policies by distinguishing the root user from unprivileged users. Code on a Linux system executes in either user mode or kernel mode: applications run in user mode, while the kernel runs in kernel mode. The kernel itself may be composed of two major parts, the core kernel and various loadable modules, both of which execute in kernel mode with full kernel privilege.
The Linux kernel, which is open source, is subject to various attacks launched by unauthorized applications in user space. Many methods have been proposed for protecting the Linux kernel against such attacks. However, many of the proposed methods require changes to the kernel itself, leading to long testing and debugging periods and running the risk of introducing new bugs. For instance, attempts have been made to secure the Linux kernel by hardening it, either by modifying the kernel source or by implementing loadable kernel modules. When modifying the kernel, the kernel source itself is modified to add the desired functionality. While this tackles security issues at their root, it typically needs to be followed by rigorous testing of both the modified part and the parts of the kernel that depend on it. With loadable kernel modules, the desired functions are provided on top of the Linux kernel in the form of dynamically loadable modules. While this avoids the cumbersome task of modifying the kernel source and the stringent testing that follows, the kernel's own functionality is not modified: a module can only act through the interfaces the kernel already exposes to modules and, as such, limitations exist on what it can enforce.
U.S. Pat. No. 7,644,271 discloses a method and computer program product for enforcing security policies on kernel module loading. File paths of shared-library executable files opened by user processes are cached. When a request to load a kernel loadable module (KLM) is received, the previously cached file path for that KLM is retrieved; the file path maps the location of the executable file from which the KLM was produced. A security policy is applied to the file path: when the file path triggers a security policy rule, the action associated with the triggered rule is taken, and when the file path does not trigger any security policy rule, the KLM load request is allowed to proceed.
U.S. Pat. No. 7,591,003 discloses a computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications that run on Linux, so it is easy to develop for and allows the use of a wide variety of modern development tools. The system is further designed to meet or exceed a Common Criteria EAL-5 rating through incorporation of the required security features, as well as a very high level of assurance for handling data at a wide range of sensitivity (e.g., classification) levels in a wide range of operational environments. This is achieved through the implementation of a layered operating system that has been designed from the ground up to enforce security, but which also supports Linux operating system functions and methods.
U.S. patent application publication no. 2011/0047542 discloses a method that, in one example implementation, includes intercepting a request associated with an execution of an object, e.g., a kernel module or a binary, in a computer configured to operate in a virtual machine environment. The request is associated with a privileged domain of the computer that operates logically below one or more operating systems. The method also includes verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element. The execution of the object is denied if it is not authorized. In other embodiments, the method can include evaluating a plurality of entries within the memory element of the computer, wherein the entries include authorized binaries and kernel modules. In other embodiments, the method can include intercepting an attempt from a remote computer to execute code from a previously authorized binary.
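The two module-loading controls summarized above, a path-based policy applied to the file a kernel loadable module was produced from (U.S. Pat. No. 7,644,271) and a checksum allowlist of authorized objects (U.S. patent application publication no. 2011/0047542), are complementary, and the following user-space model shows why. It is an added example and is not code from either patent; the module images, file paths, rule set, digest allowlist, and the names `PathRule`, `LoadPolicy` and `decide` are all constructed here for illustration. A real implementation would make these checks at the kernel's module-load path rather than in a Python process.

```python
"""Added example: model of two kernel-module authorization strategies.

  * path-based policy rules over the module's source file path, where a
    triggered rule's action is taken and no match lets the load proceed, and
  * a checksum allowlist, where an object whose digest is not stored is denied.

Everything below (module bytes, paths, rules, allowlist) is constructed for
illustration and is not taken from the patents described on this page.
"""
import fnmatch
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PathRule:
    pattern: str   # glob matched against the module's source file path
    action: str    # "allow" or "deny": action taken when the rule triggers


@dataclass
class LoadPolicy:
    path_rules: list = field(default_factory=list)
    allowed_digests: set = field(default_factory=set)

    def check_path(self, path: str) -> str:
        """First rule whose pattern matches wins; no match lets the request proceed."""
        for rule in self.path_rules:
            if fnmatch.fnmatch(path, rule.pattern):
                return rule.action
        return "allow"

    def check_digest(self, data: bytes) -> str:
        """Authorized only if the object's checksum is among the stored checksums."""
        return "allow" if sha256_hex(data) in self.allowed_digests else "deny"

    def decide(self, path: str, data: bytes) -> str:
        # Both controls must pass: the path policy first, then the allowlist.
        if self.check_path(path) == "deny":
            return "deny"
        return self.check_digest(data)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for module images (not real ELF kernel modules).
GOOD_MODULE = b"\x7fELF constructed module image: vendor_driver v1"
TAMPERED_MODULE = b"\x7fELF constructed module image: vendor_driver v1 + payload"

POLICY = LoadPolicy(
    path_rules=[
        PathRule("/tmp/*", "deny"),          # modules built in world-writable dirs
        PathRule("/home/*", "deny"),         # modules built in user home dirs
        PathRule("/lib/modules/*", "allow"),
    ],
    allowed_digests={sha256_hex(GOOD_MODULE)},
)


def demo() -> dict:
    """Run three load requests through the policy and return each verdict."""
    cases = {
        # Known-good image from the expected location: both checks pass.
        "good_in_place": ("/lib/modules/6.1/extra/vendor_driver.ko", GOOD_MODULE),
        # Same authorized image, but built under /tmp: digest alone would
        # allow it; the path rule denies it.
        "good_from_tmp": ("/tmp/vendor_driver.ko", GOOD_MODULE),
        # Modified image placed at the trusted path: path policy alone would
        # allow it; the checksum allowlist denies it.
        "tampered_in_place": ("/lib/modules/6.1/extra/vendor_driver.ko", TAMPERED_MODULE),
    }
    return {name: POLICY.decide(path, data) for name, (path, data) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The second and third cases are the point: a path-only policy admits a tampered object that sits at a trusted path, and a checksum-only allowlist admits a genuine object regardless of where it was loaded from, so a deployment that needs both properties applies both checks, as `decide` does.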
U.S. patent application publication no. 2008/0022353 discloses a method and computer program product for developing a security-enhanced application that runs on a flexible and configurable mandatory access control (MAC) operating system. The security-enhanced application separates resource information from processes and processes from each other. The security-enhanced application also includes a set of rules that control information flow between the resource information and processes. The method includes the following. First, user input is received that represents at least one abstract security principle. Then, the user input is translated into policy language using a framework dictionary, wherein the policy language specifies a policy that determines allowed access for the flexible and configurable MAC operating system.