A realization method of Linux kernel parallel LSM framework

An implementation method for a parallel LSM framework in the Linux kernel, achieving equal status among security modules, simple configuration management, and convenient comprehensive use.

Inactive Publication Date: 2019-10-01
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

The primary security module provides security domains and hook function pointers to the secondary security modules. The main disadvantage of this is that when the secondary security modules take effect, how they take effect, and how their returned security judgment results are handled are all decided by the primary security module's policy.


Embodiment Construction

[0035] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, and are not intended to limit the present invention, and the present invention is also applicable to concurrent execution of Linux kernel security modules.

[0036] The implementation steps of the present invention are mainly divided into two modules: the initialization of the LSM framework and the execution of the LSM framework. In the initialization phase, the LSM framework calls the initialization functions of each security module in turn according to the kernel startup parameters, and links the hook function pointer structure of the security module with the head_list linked list; at the same time, each security module completes the i...


Abstract

The invention discloses a method for realizing a parallel LSM (Linux Security Module) framework of a Linux kernel. The method comprises the steps of 1) adding a linked list structure in a hook function pointer structure body of the LSM framework; creating a security domain field array in the LSM framework, wherein each pointer in the security domain field array corresponds to a security domain of a security module; 2) obtaining starting parameters of a plurality of security modules according to configuration and executing corresponding initialization functions; when the security module is loaded in the kernel, allocating the hook function pointer structure body to the security module, connecting a hook function in the security module with a pointer in the structure body, and linking the security module with the hook function pointer structure body of other security module through the linked list structure; and 3) running a hook function, inserted in a system call function, of the LSM framework, and executing specific hook functions corresponding to the linked security modules in sequence. According to the method, the security modules are mutually independent and equal in status.
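The three steps in the abstract, modelled as a small user-space C program (an added example, not code from the patent or from the Linux kernel). The names `lsm_register`, `security_file_open` and `MAX_LSM`, the two toy modules, and the rule that the first denial is returned are assumptions made for illustration.

```c
#include <string.h>

#define DENY (-13)                      /* -EACCES */
#define MAX_LSM 4                       /* assumed size of the security-domain array */
struct task { void *security[MAX_LSM]; };   /* one security-domain pointer per module */
struct lsm_ops {                        /* hook function pointer structure */
    int slot;                           /* this module's index in security[] */
    int (*file_open)(struct task *t, const char *path);
    struct lsm_ops *next;               /* list link added in step 1 */
};
static struct lsm_ops *lsm_head, **lsm_tail = &lsm_head;
static int lsm_count;

/* Step 2: called from each module's init function; appends it to the list. */
int lsm_register(struct lsm_ops *ops)
{
    if (lsm_count >= MAX_LSM) return -1;
    ops->slot = lsm_count++;
    ops->next = NULL;
    *lsm_tail = ops;
    lsm_tail = &ops->next;
    return 0;
}

/* Step 3: run every linked module's hook in order (assumed: first denial wins). */
int security_file_open(struct task *t, const char *path)
{
    int rc = 0;
    for (struct lsm_ops *m = lsm_head; m && !rc; m = m->next)
        if (m->file_open) rc = m->file_open(t, path);
    return rc;
}

/* Two toy modules; neither knows about or calls the other. */
static struct lsm_ops label_ops;
static int label_open(struct task *t, const char *p)
{   /* consults only its own security domain: a clearance flag */
    int *clear = t->security[label_ops.slot];
    return (!strncmp(p, "/secret/", 8) && !(clear && *clear)) ? DENY : 0;
}
static int path_open(struct task *t, const char *p) { (void)t; return strcmp(p, "/etc/shadow") ? 0 : DENY; }
static struct lsm_ops label_ops = { .file_open = label_open };
static struct lsm_ops path_ops  = { .file_open = path_open };

int main(void)
{
    struct task t = { {0} };
    if (lsm_register(&label_ops) || lsm_register(&path_ops)) return 2;
    return security_file_open(&t, "/etc/shadow") == DENY ? 0 : 1;
}
```

Because each module reads only `security[slot]` for its own slot, neither module depends on the other to be invoked or to interpret its result.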

Description

Technical field

[0001] The invention relates to the field of computer operating system information security, in particular to a method for realizing a Linux kernel parallel LSM framework.

Background technique

[0002] LSM (Linux Security Module) is a lightweight general-purpose access framework for the kernel. It enables various security access framework models to be implemented in the form of Linux loadable kernel modules. Users can choose the appropriate security module to load into the Linux kernel according to their needs, thus greatly improving the flexibility and ease of use of the Linux security access control mechanism. In the Linux 2.6 version of the kernel, LSM has officially become the standard of the Linux kernel security mechanism, and is provided to users in various Linux distributions.

[0003] The most important mechanism provided by LSM for the security module is to insert calls to hook functions at some key points inside the kernel-related system call func...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/55
Inventor 涂碧波陈克李晨
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI