Linux Security

Contents

1. Introduction 1
1.1 Problem Statement 1
1.2 What Is Security? 1
1.3 OS Protection and Security 2
1.4 Assets and their Vulnerabilities 2
1.5 Protection 3
1.6 Intruders 3
1.7 Malicious Software 3
1.8 Trusted Systems 4
1.9 Protection and Security Design Principles 4
1.10 The Unix/Linux Security Model 5
1.10.1 Properties of the Unix Superuser 5
1.10.2 The Unix Security Model — Groups 6
1.10.3 Protection For Unix Files and Directories 6
1.10.4 The Meaning of Permissions 6
1.10.5 Changing File and Directory Permissions 7
1.11 Access control lists (ACLs) 8
1.11.1 Access Tokens and User Rights 8
1.11.2 The Discretionary Access Control List 8
1.11.3 The System Access Control List 9
2. Background and Motivation 10
2.1 Background 10
2.2 What is Clustering? 10
2.2.1 Advantages of clustering 11
2.2.2 Applications of Clustering 11
2.2.3 Getting Started With Linux Cluster 11
2.2.4 Cluster Components 11
2.3 Motivation 12
3. Literature Survey 13
3.1 Security Models 13
3.1.1 Access Control Matrix 13
3.1.2 Bell-La Padula 14
3.1.3 GFAC 14
3.1.4 Domain and Type Enforcement 15
3.1.5 FLASK 16
3.1.6 DSI 17
3.2 Security Mechanisms 17
3.2.1 Discretionary Access Control 18
3.2.2 Mandatory Access Control 18
3.2.3 Role-Based Access Control 18
3.2.4 Reference Monitor 18
3.3 Other Concepts 19
3.3.1 Separation of Mechanism and Policy 19
4. Implementation 20
4.1 System Design 20
4.2 Hardware And Software Requirement 20
4.2.1 Software requirement 21
5. Conclusion 22
References 23

List of Tables and Figures
Table 3.1: Example of an access control matrix with two subjects and two objects

Figure 3.1: Overview of the Generalized Framework for Access Control (GFAC) architecture
Figure 3.2: Overview of the Flux Advanced Security Kernel (FLASK) architecture
Figure 4.1 System Model for security module

1. Introduction
1.1 Problem Statement
Traditionally, the telecom industry uses clusters to meet its carrier-grade