摘要 |
PURPOSE: A Linux security kernel is provided to intercept a system call transmitted in a kernel, to add functions needed for the system call, and to process a real time monitoring based on a recorded log-in file by implementing a security environment or a resource access control function at an OS level, not an application level. CONSTITUTION: The kernel comprises functions of a log-in control, a file or resource access control, a specific instruction or process operation control, a file variation monitor, an event generation or transmission and a logging. The log-in control function limits a log-in access in a specific time, an overlapped log-in access of the same user, the number of access users, and an access of a non-approved ID, and enables a previously registered user to get a root access right. The file or resource access control function limits a file access of a user and an access time. The specific instruction or process operation control function limits a usage of a specific instruction by some users or in a specific time, and a usage of a suid or a sgid program. The event generation or transmission function generates or transmits an event if there occurs an access against a security policy. The kernel includes a system vector table with a memory address pointer on a system call. The security kernel module(16) stores the memory address pointer of the system call in relation with a security at other location, and sets other specific memory address for performing a security operation on a kernel. So if a user process(10) performs a system call in relation with a security, the security kernel module(16) performs other specific system call, not an original system call.
|