Implementation and Evaluation of Multi-level Secure Linux  

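Son Hyeong-gil (손형길), Ministry of Government Administration and Home Affairs, Administrative Network Operations
Park Tae-gyu (박태규), Hanseo University, Department of Computer and Information Science
Lee Geum-seok (이금석), Dongguk University, Department of Computer Engineering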
Abstract
Current network-level firewalls and intrusion detection systems (IDS) suffer from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements: the multi-level security function of TCSEC B1 and the prevention of hacking attacks. It evaluates the implemented secure Linux in terms of mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level, this system protects against various hacking attacks, such as those using setuid programs, back-door insertion and via-attacks. The performance degradation is an average of 1.18%, less than other secure OS products.
Keywords
Secure Linux; Security Kernel; Multi-level Security;