Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces

"The area Of Linux sandboxing has various developments in recent years with the introduction of operating system containers and the ever present need to harden the security of applications. Two of the more prominent technologies that have been used when creating sandboxes are namespaces and sys...

Full description

Autores:
Derby Cardona, David
Tipo de recurso:
Fecha de publicación:
2016
Institución:
Universidad de los Andes
Repositorio:
Séneca: repositorio Uniandes
Idioma:
eng
OAI Identifier:
oai:repositorio.uniandes.edu.co:1992/13914
Acceso en línea:
http://hdl.handle.net/1992/13914
Palabra clave:
Redes de computadores
Seguridad en computadores
LINUX (Sistema operacional para computador)
Ingeniería
Rights
openAccess
License
http://creativecommons.org/licenses/by-nc-nd/4.0/
id UNIANDES2_6ce6530a76c228a74697ff52c33f5c1b
oai_identifier_str oai:repositorio.uniandes.edu.co:1992/13914
network_acronym_str UNIANDES2
network_name_str Séneca: repositorio Uniandes
repository_id_str
spelling Al consultar y hacer uso de este recurso, está aceptando las condiciones de uso establecidas por los autores.http://creativecommons.org/licenses/by-nc-nd/4.0/info:eu-repo/semantics/openAccesshttp://purl.org/coar/access_right/c_abf2Rueda Rodríguez, Sandra Julieta1da4858e-26fc-42a9-88f0-dbe0a1705059400Derby Cardona, Davidd12daf4f-a0e0-4d33-b1fe-69a38f2f5913500Gómez Díaz, Rafael EnriqueMolina Molina, Fabián Alejandro2018-09-28T11:01:47Z2018-09-28T11:01:47Z2016http://hdl.handle.net/1992/13914u753947.pdfinstname:Universidad de los Andesreponame:Repositorio Institucional Sénecarepourl:https://repositorio.uniandes.edu.co/"The area Of Linux sandboxing has various developments in recent years with the introduction of operating system containers and the ever present need to harden the security of applications. Two of the more prominent technologies that have been used when creating sandboxes are namespaces and system call filters... This work proposes to use these two technologies to enforce the Principle of Leas/ Privilege on every process on a system. The solution extends a Grsecurity hardened Linux kernel and allows the user to define security policies for each process which permit them to behave intended. The presented demonstrate the effectiveness of the extended Linux kernel and its impact on performance. The results provide a basis that may be built upon to deliver a comprehensive solution that would be appealing for in real world environments". Tomado del abstractMagíster en Ingeniería de Sistemas y ComputaciónMaestría70 hojasapplication/pdfengUniversidad de los AndesMaestría en Ingeniería de Sistemas y ComputaciónFacultad de IngenieríaDepartamento de Ingeniería de Sistemas y Computacióninstname:Universidad de los Andesreponame:Repositorio Institucional SénecaHardening linux processes : extending Grsecurity to integrate system call filters and namespacesTrabajo de grado - Maestríainfo:eu-repo/semantics/masterThesishttp://purl.org/coar/version/c_970fb48d4fbd8a85Texthttp://purl.org/redcol/resource_type/TMRedes de computadoresSeguridad en computadoresLINUX (Sistema operacional para computador)IngenieríaPublicationORIGINALu753947.pdfapplication/pdf546398https://repositorio.uniandes.edu.co/bitstreams/d924e95f-4a9a-4ea6-9917-f72fc52afdf2/download1256a429715a4e2c036bcb0a7a3fe302MD51TEXTu753947.pdf.txtu753947.pdf.txtExtracted texttext/plain139450https://repositorio.uniandes.edu.co/bitstreams/648cd787-a95e-4675-968a-c579c4e0312e/download74d73eca19dac52fce991c3181e69a6eMD54THUMBNAILu753947.pdf.jpgu753947.pdf.jpgIM Thumbnailimage/jpeg7004https://repositorio.uniandes.edu.co/bitstreams/36eab54f-bf34-4791-a749-bcaedfaa8894/download8aba6d4a1c4c5ac099cb5b9acf309fb8MD551992/13914oai:repositorio.uniandes.edu.co:1992/139142023-10-10 18:09:03.642http://creativecommons.org/licenses/by-nc-nd/4.0/open.accesshttps://repositorio.uniandes.edu.coRepositorio institucional Sénecaadminrepositorio@uniandes.edu.co
dc.title.es_CO.fl_str_mv Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
title Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
spellingShingle Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
Redes de computadores
Seguridad en computadores
LINUX (Sistema operacional para computador)
Ingeniería
title_short Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
title_full Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
title_fullStr Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
title_full_unstemmed Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
title_sort Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
dc.creator.fl_str_mv Derby Cardona, David
dc.contributor.advisor.none.fl_str_mv Rueda Rodríguez, Sandra Julieta
dc.contributor.author.none.fl_str_mv Derby Cardona, David
dc.contributor.jury.none.fl_str_mv Gómez Díaz, Rafael Enrique
Molina Molina, Fabián Alejandro
dc.subject.keyword.es_CO.fl_str_mv Redes de computadores
Seguridad en computadores
LINUX (Sistema operacional para computador)
topic Redes de computadores
Seguridad en computadores
LINUX (Sistema operacional para computador)
Ingeniería
dc.subject.themes.none.fl_str_mv Ingeniería
description "The area Of Linux sandboxing has various developments in recent years with the introduction of operating system containers and the ever present need to harden the security of applications. Two of the more prominent technologies that have been used when creating sandboxes are namespaces and system call filters... This work proposes to use these two technologies to enforce the Principle of Leas/ Privilege on every process on a system. The solution extends a Grsecurity hardened Linux kernel and allows the user to define security policies for each process which permit them to behave intended. The presented demonstrate the effectiveness of the extended Linux kernel and its impact on performance. The results provide a basis that may be built upon to deliver a comprehensive solution that would be appealing for in real world environments". Tomado del abstract
publishDate 2016
dc.date.issued.es_CO.fl_str_mv 2016
dc.date.accessioned.none.fl_str_mv 2018-09-28T11:01:47Z
dc.date.available.none.fl_str_mv 2018-09-28T11:01:47Z
dc.type.spa.fl_str_mv Trabajo de grado - Maestría
dc.type.coarversion.fl_str_mv http://purl.org/coar/version/c_970fb48d4fbd8a85
dc.type.driver.spa.fl_str_mv info:eu-repo/semantics/masterThesis
dc.type.content.spa.fl_str_mv Text
dc.type.redcol.spa.fl_str_mv http://purl.org/redcol/resource_type/TM
dc.identifier.uri.none.fl_str_mv http://hdl.handle.net/1992/13914
dc.identifier.pdf.none.fl_str_mv u753947.pdf
dc.identifier.instname.spa.fl_str_mv instname:Universidad de los Andes
dc.identifier.reponame.spa.fl_str_mv reponame:Repositorio Institucional Séneca
dc.identifier.repourl.spa.fl_str_mv repourl:https://repositorio.uniandes.edu.co/
url http://hdl.handle.net/1992/13914
identifier_str_mv u753947.pdf
instname:Universidad de los Andes
reponame:Repositorio Institucional Séneca
repourl:https://repositorio.uniandes.edu.co/
dc.language.iso.es_CO.fl_str_mv eng
language eng
dc.rights.uri.*.fl_str_mv http://creativecommons.org/licenses/by-nc-nd/4.0/
dc.rights.accessrights.spa.fl_str_mv info:eu-repo/semantics/openAccess
dc.rights.coar.spa.fl_str_mv http://purl.org/coar/access_right/c_abf2
rights_invalid_str_mv http://creativecommons.org/licenses/by-nc-nd/4.0/
http://purl.org/coar/access_right/c_abf2
eu_rights_str_mv openAccess
dc.format.extent.es_CO.fl_str_mv 70 hojas
dc.format.mimetype.es_CO.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Universidad de los Andes
dc.publisher.program.es_CO.fl_str_mv Maestría en Ingeniería de Sistemas y Computación
dc.publisher.faculty.es_CO.fl_str_mv Facultad de Ingeniería
dc.publisher.department.es_CO.fl_str_mv Departamento de Ingeniería de Sistemas y Computación
publisher.none.fl_str_mv Universidad de los Andes
dc.source.es_CO.fl_str_mv instname:Universidad de los Andes
reponame:Repositorio Institucional Séneca
instname_str Universidad de los Andes
institution Universidad de los Andes
reponame_str Repositorio Institucional Séneca
collection Repositorio Institucional Séneca
bitstream.url.fl_str_mv https://repositorio.uniandes.edu.co/bitstreams/d924e95f-4a9a-4ea6-9917-f72fc52afdf2/download
https://repositorio.uniandes.edu.co/bitstreams/648cd787-a95e-4675-968a-c579c4e0312e/download
https://repositorio.uniandes.edu.co/bitstreams/36eab54f-bf34-4791-a749-bcaedfaa8894/download
bitstream.checksum.fl_str_mv 1256a429715a4e2c036bcb0a7a3fe302
74d73eca19dac52fce991c3181e69a6e
8aba6d4a1c4c5ac099cb5b9acf309fb8
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
MD5
repository.name.fl_str_mv Repositorio institucional Séneca
repository.mail.fl_str_mv adminrepositorio@uniandes.edu.co
_version_ 1812133977997180928