Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces
"The area Of Linux sandboxing has various developments in recent years with the introduction of operating system containers and the ever present need to harden the security of applications. Two of the more prominent technologies that have been used when creating sandboxes are namespaces and sys...
- Autores:
-
Derby Cardona, David
- Tipo de recurso:
- Fecha de publicación:
- 2016
- Institución:
- Universidad de los Andes
- Repositorio:
- Séneca: repositorio Uniandes
- Idioma:
- eng
- OAI Identifier:
- oai:repositorio.uniandes.edu.co:1992/13914
- Acceso en línea:
- http://hdl.handle.net/1992/13914
- Palabra clave:
- Redes de computadores
Seguridad en computadores
LINUX (Sistema operacional para computador)
Ingeniería
- Rights
- openAccess
- License
- http://creativecommons.org/licenses/by-nc-nd/4.0/
id |
UNIANDES2_6ce6530a76c228a74697ff52c33f5c1b |
---|---|
oai_identifier_str |
oai:repositorio.uniandes.edu.co:1992/13914 |
network_acronym_str |
UNIANDES2 |
network_name_str |
Séneca: repositorio Uniandes |
repository_id_str |
|
spelling |
Al consultar y hacer uso de este recurso, está aceptando las condiciones de uso establecidas por los autores.http://creativecommons.org/licenses/by-nc-nd/4.0/info:eu-repo/semantics/openAccesshttp://purl.org/coar/access_right/c_abf2Rueda Rodríguez, Sandra Julieta1da4858e-26fc-42a9-88f0-dbe0a1705059400Derby Cardona, Davidd12daf4f-a0e0-4d33-b1fe-69a38f2f5913500Gómez Díaz, Rafael EnriqueMolina Molina, Fabián Alejandro2018-09-28T11:01:47Z2018-09-28T11:01:47Z2016http://hdl.handle.net/1992/13914u753947.pdfinstname:Universidad de los Andesreponame:Repositorio Institucional Sénecarepourl:https://repositorio.uniandes.edu.co/"The area Of Linux sandboxing has various developments in recent years with the introduction of operating system containers and the ever present need to harden the security of applications. Two of the more prominent technologies that have been used when creating sandboxes are namespaces and system call filters... This work proposes to use these two technologies to enforce the Principle of Leas/ Privilege on every process on a system. The solution extends a Grsecurity hardened Linux kernel and allows the user to define security policies for each process which permit them to behave intended. The presented demonstrate the effectiveness of the extended Linux kernel and its impact on performance. The results provide a basis that may be built upon to deliver a comprehensive solution that would be appealing for in real world environments". Tomado del abstractMagíster en Ingeniería de Sistemas y ComputaciónMaestría70 hojasapplication/pdfengUniversidad de los AndesMaestría en Ingeniería de Sistemas y ComputaciónFacultad de IngenieríaDepartamento de Ingeniería de Sistemas y Computacióninstname:Universidad de los Andesreponame:Repositorio Institucional SénecaHardening linux processes : extending Grsecurity to integrate system call filters and namespacesTrabajo de grado - Maestríainfo:eu-repo/semantics/masterThesishttp://purl.org/coar/version/c_970fb48d4fbd8a85Texthttp://purl.org/redcol/resource_type/TMRedes de computadoresSeguridad en computadoresLINUX (Sistema operacional para computador)IngenieríaPublicationORIGINALu753947.pdfapplication/pdf546398https://repositorio.uniandes.edu.co/bitstreams/d924e95f-4a9a-4ea6-9917-f72fc52afdf2/download1256a429715a4e2c036bcb0a7a3fe302MD51TEXTu753947.pdf.txtu753947.pdf.txtExtracted texttext/plain139450https://repositorio.uniandes.edu.co/bitstreams/648cd787-a95e-4675-968a-c579c4e0312e/download74d73eca19dac52fce991c3181e69a6eMD54THUMBNAILu753947.pdf.jpgu753947.pdf.jpgIM Thumbnailimage/jpeg7004https://repositorio.uniandes.edu.co/bitstreams/36eab54f-bf34-4791-a749-bcaedfaa8894/download8aba6d4a1c4c5ac099cb5b9acf309fb8MD551992/13914oai:repositorio.uniandes.edu.co:1992/139142023-10-10 18:09:03.642http://creativecommons.org/licenses/by-nc-nd/4.0/open.accesshttps://repositorio.uniandes.edu.coRepositorio institucional Sénecaadminrepositorio@uniandes.edu.co |
dc.title.es_CO.fl_str_mv |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces |
title |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces |
spellingShingle |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces Redes de computadores Seguridad en computadores LINUX (Sistema operacional para computador) Ingeniería |
title_short |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces |
title_full |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces |
title_fullStr |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces |
title_full_unstemmed |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces |
title_sort |
Hardening linux processes : extending Grsecurity to integrate system call filters and namespaces |
dc.creator.fl_str_mv |
Derby Cardona, David |
dc.contributor.advisor.none.fl_str_mv |
Rueda Rodríguez, Sandra Julieta |
dc.contributor.author.none.fl_str_mv |
Derby Cardona, David |
dc.contributor.jury.none.fl_str_mv |
Gómez Díaz, Rafael Enrique Molina Molina, Fabián Alejandro |
dc.subject.keyword.es_CO.fl_str_mv |
Redes de computadores Seguridad en computadores LINUX (Sistema operacional para computador) |
topic |
Redes de computadores Seguridad en computadores LINUX (Sistema operacional para computador) Ingeniería |
dc.subject.themes.none.fl_str_mv |
Ingeniería |
description |
"The area Of Linux sandboxing has various developments in recent years with the introduction of operating system containers and the ever present need to harden the security of applications. Two of the more prominent technologies that have been used when creating sandboxes are namespaces and system call filters... This work proposes to use these two technologies to enforce the Principle of Leas/ Privilege on every process on a system. The solution extends a Grsecurity hardened Linux kernel and allows the user to define security policies for each process which permit them to behave intended. The presented demonstrate the effectiveness of the extended Linux kernel and its impact on performance. The results provide a basis that may be built upon to deliver a comprehensive solution that would be appealing for in real world environments". Tomado del abstract |
publishDate |
2016 |
dc.date.issued.es_CO.fl_str_mv |
2016 |
dc.date.accessioned.none.fl_str_mv |
2018-09-28T11:01:47Z |
dc.date.available.none.fl_str_mv |
2018-09-28T11:01:47Z |
dc.type.spa.fl_str_mv |
Trabajo de grado - Maestría |
dc.type.coarversion.fl_str_mv |
http://purl.org/coar/version/c_970fb48d4fbd8a85 |
dc.type.driver.spa.fl_str_mv |
info:eu-repo/semantics/masterThesis |
dc.type.content.spa.fl_str_mv |
Text |
dc.type.redcol.spa.fl_str_mv |
http://purl.org/redcol/resource_type/TM |
dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/1992/13914 |
dc.identifier.pdf.none.fl_str_mv |
u753947.pdf |
dc.identifier.instname.spa.fl_str_mv |
instname:Universidad de los Andes |
dc.identifier.reponame.spa.fl_str_mv |
reponame:Repositorio Institucional Séneca |
dc.identifier.repourl.spa.fl_str_mv |
repourl:https://repositorio.uniandes.edu.co/ |
url |
http://hdl.handle.net/1992/13914 |
identifier_str_mv |
u753947.pdf instname:Universidad de los Andes reponame:Repositorio Institucional Séneca repourl:https://repositorio.uniandes.edu.co/ |
dc.language.iso.es_CO.fl_str_mv |
eng |
language |
eng |
dc.rights.uri.*.fl_str_mv |
http://creativecommons.org/licenses/by-nc-nd/4.0/ |
dc.rights.accessrights.spa.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.rights.coar.spa.fl_str_mv |
http://purl.org/coar/access_right/c_abf2 |
rights_invalid_str_mv |
http://creativecommons.org/licenses/by-nc-nd/4.0/ http://purl.org/coar/access_right/c_abf2 |
eu_rights_str_mv |
openAccess |
dc.format.extent.es_CO.fl_str_mv |
70 hojas |
dc.format.mimetype.es_CO.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Universidad de los Andes |
dc.publisher.program.es_CO.fl_str_mv |
Maestría en Ingeniería de Sistemas y Computación |
dc.publisher.faculty.es_CO.fl_str_mv |
Facultad de Ingeniería |
dc.publisher.department.es_CO.fl_str_mv |
Departamento de Ingeniería de Sistemas y Computación |
publisher.none.fl_str_mv |
Universidad de los Andes |
dc.source.es_CO.fl_str_mv |
instname:Universidad de los Andes reponame:Repositorio Institucional Séneca |
instname_str |
Universidad de los Andes |
institution |
Universidad de los Andes |
reponame_str |
Repositorio Institucional Séneca |
collection |
Repositorio Institucional Séneca |
bitstream.url.fl_str_mv |
https://repositorio.uniandes.edu.co/bitstreams/d924e95f-4a9a-4ea6-9917-f72fc52afdf2/download https://repositorio.uniandes.edu.co/bitstreams/648cd787-a95e-4675-968a-c579c4e0312e/download https://repositorio.uniandes.edu.co/bitstreams/36eab54f-bf34-4791-a749-bcaedfaa8894/download |
bitstream.checksum.fl_str_mv |
1256a429715a4e2c036bcb0a7a3fe302 74d73eca19dac52fce991c3181e69a6e 8aba6d4a1c4c5ac099cb5b9acf309fb8 |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 |
repository.name.fl_str_mv |
Repositorio institucional Séneca |
repository.mail.fl_str_mv |
adminrepositorio@uniandes.edu.co |
_version_ |
1812133977997180928 |