Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces


Authors:
Derby Cardona, David
Resource type:
Publication date:
2016
Institution:
Universidad de los Andes
Repository:
Séneca: repositorio Uniandes
Language:
eng
OAI Identifier:
oai:repositorio.uniandes.edu.co:1992/13914
Online access:
http://hdl.handle.net/1992/13914
Keywords:
Computer networks
Computer security
LINUX (Computer operating system)
Engineering
Rights
openAccess
License
http://creativecommons.org/licenses/by-nc-nd/4.0/
Description
Summary: "The area of Linux sandboxing has various developments in recent years with the introduction of operating system containers and the ever present need to harden the security of applications. Two of the more prominent technologies that have been used when creating sandboxes are namespaces and system call filters... This work proposes to use these two technologies to enforce the Principle of Least Privilege on every process on a system. The solution extends a Grsecurity hardened Linux kernel and allows the user to define security policies for each process which permit them to behave as intended. The presented demonstrate the effectiveness of the extended Linux kernel and its impact on performance. The results provide a basis that may be built upon to deliver a comprehensive solution that would be appealing for in real world environments". Taken from the abstract