1、 滨州学院 专业外文翻译 题 目 Linux security module (LSM) 系 (院) 计算机科学技术系 专 业 软件技术 班 级 2008 级 1 班 学生姓名 董强 学 号 2008110806 指导教师 赵春波 职 称 讲师 二 一一 年 五 月 八 日 滨州学院毕业设计(专业外文翻译) 1 Linux security module (LSM) Linux security module (LSM) is a lightweight Linux kernel universal access control framework. This paper introduces
2、 Linux security module (LSM) related background, design idea and realization method; And instructions on how to use Linux security module (LSM) to enhance the security of Linux system: on the one hand is for the kernel development personnel and security researchers used interface, on the other hand
3、is for ordinary users use of modules, and the specific use method. If the reader has Linux kernel and safety related background knowledge, can help to the article understood; If do not have, can read this article last reference material listed in the IBM dW on the three articles. 1. Related backgrou
4、nd introduction: why and what In recent years because of its excellent Linux system performance and stability, open source characteristic brings flexibility and expansibility, and a low cost, by the computer industry wide attention and applications. But in safety, Linux kernel provides only classic
5、UNIX independent access control (root user, the user ID, mode a security mechanism), and parts of the POSIX support 1e capabilities of the draft standards j security mechanism and the security of the system for the Linux is not enough, the impact of the Linux system further development and more exte
6、nsive application. There are many security access control model and the frame has been studied and developed to enhance the security of Linux, compares well-known have security enhancements Linux (SELinux), the domain and type enhancement (DTE), and Linux intrusion detection systems (LIDS), etc. But
7、 since no one system can get into Linux dominant position kernel become standard; And most of these systems in various forms of the kernel patch provides, use these system needs a compiler and custom kernel ability, for no kernel development experience of ordinary users, to obtain and use these syst
8、em is difficult. In 2001, the Linux kernel summit on national security agency (NSA) United States introduced them about security enhancements Linux (SELinux) work, this is a flexible access control system to achieve the Flask, when the Linux kernel Linus Torvalds founder of the Linux kernel does nee
9、d a agreed to Linux general security access control 滨州学院毕业设计(专业外文翻译) 2 framework, but he pointed out that is the best way I can load kernel modules, so that can support method of the safety of the existing various access control system. Therefore, Linux security module (LSM) came into being. Linux s
10、ecurity module (LSM) is a lightweight Linux kernel universal access control framework. It makes all sorts of different security access control model can to Linux kernel module can be loaded the form of come out, the user can realize according to its needs to choose suitable safety modules loaded int
11、o the Linux kernel, which greatly improve the Linux security access control mechanism of flexibility and accessibility. At present there are many famous enhance access control system transplanted into Linux security module (LSM) implemented, including POSIX 1e capabilities, security enhancements j S
12、ELinux), domain (Linux and type enhancement (DTE), and Linux intrusion detection systems (LIDS), etc. Although at present the Linux security module (LSM) is still as a Linux kernel patch form, but it also provides provide Linux 2.4 stable version of the series and Linux 2.5 development version of th
13、e series, and hopefully into the Linux version, and 2.6 stable meet its goals: be Linux kernel accepted as Linux kernel security mechanism standard, in every Linux release in which offers users use. 2. Introduced: let design thinking both satisfaction Linux security module (LSM) design must try to m
14、eet the requirements of two aspects: let not man who need them as little so getting in trouble; Meanwhile let those who need it so to get useful and efficient function. Linus Torvalds represented by the kernel developers to Linux security module (LSM) proposes three requirements: True universal, whe
15、n using a different security model, only need to load a different kernel modules Concept of Linux kernel, simple, efficient, and minimal effects that can support the existing POSIX 1e capabilities logic, j as an optional security module On the other hand, all sorts of different Linux security enhancements system for Linux security module (LSM) request is: can allow them to the form of loading kernel modules to achieve its security functions, and not in safety brings apparent loss, will also
