Linux Security

Only available on StudyMode
  • Download(s) : 141
  • Published : January 30, 2013
Open Document
Text Preview
Contents

1. Introduction1
1.1 Problem Statement1
1.2 What Is Security?1
1.3 OS Protection and Security2
1.4 Assets and their Vulnerabilities2
1.5 Protection3
1.6 Intruders3
1.7 Malicious Software3
1.8 Trusted Systems4
1.9 Protection and Security Design Principles4
1.10 The Unix/Linux Security Model5
1.10.1Properties of the Unix Superuser5
1.10.2The Unix Security Model — Groups6
1.10.3Protection For Unix Files and Directories6
1.10.4The Meaning of Permissions6
1.10.5Changing File and Directory Permissions7
1.11 Access control lists (ACLs)8
1.11.1Access Tokens and User Rights8
1.11.2The Discretionary Access Control List8
1.11.3The System Access Control List9
2. Background and Motivation10
2.1 Background10
2.2 What is Clustering?10
2.2.1 Advantages of clustering11
2.2.2 Applications of Clustering11
2.2.3 Getting Started With Linux Cluster11
2.2.4 Cluster Components11
2.3 Motivation12
3. Literature Survey13
3.1 Security Models13
3.1.1 Access Control Matrix13
3.1.2 Bell-La Padula14
3.1.3 GFAC14
3.1.4 Domain and Type Enforcement15
3.1.5 FLASK16
3.1.6 DSI17
3.2 Security Mechanisms17
3.2.1 Discretionary Access Control18
3.2.2 Mandatory Access Control18
3.2.3 Role-Based Access Control18
3.2.4 Reference Monitor18
3.3 Other Concepts19
3.3.1 Separation of Mechanism and Policy19
4. Implementation20
4.1 System Design20
4.2 Hardware And Software Requirement20
4.2.1 Software requirement21
5. Conclusion22
References23

List of Tables and Figures
Table 3.1: Example of an access control matrix with two subjects and two objects

Figure 3.1: Overview of the Generalized Framework for Access Control (GFAC) architecture Figure 3.2: Overview of the Flux Advanced Security Kernel (FLASK) architecture Figure 4.1 System Model for security module


1. Introduction
1.1Problem Statement
Traditionally, the telecom industry uses clusters to meet its carrier-grade requirements of high availability, reliability, and scalability. To answer the need for advanced security feature a on Linux clusters in telecom world Distributed Security infrastructure is implemented. In Distributed Architecture, the security server is responsible for passing the security policy to security module.

This paper presents an approach for distributed security architecture that supports advanced security mechanisms for current and future security needs, targeted for carrier-class application servers running on clustered systems.

Our work targets implementing security mechanisms for soft real-time distributed carrier grade applications running on large-scale Linux clusters. These clusters are dedicated to run only one application. They must provide five nines availability (99.999% uptime) that includes hardware upgrade and maintenance and operating system and applications upgrades. In such clusters, software and hardware configurations are under the tight control of administrators. The communications between the nodes inside the cluster and to external computers are restricted.

1.2 What Is Security?
Broadly, security can be viewed as several layers of mechanisms designed to enforce proper use of a given system. Here are five layers of interest to us:

Application: The ultimate purpose of an operating system is to allow users to run application programs. The security problem at this layer is to insure that application programs perform as required. (For example, issues of statistical database security, which address methods to keep users from inferring information about specific subjects from a statistical data base, fall into this category.)

Supervision: Operating systems are manipulated by humans. At this layer, we are concerned with providing straightforward tools must be provided which easily allow appropriate authorities to correctly specify security conditions. Tools may also be needed to report on actions that users take while...
tracking img