At http://www.pgp.com/research/nailabs/secure-execution/lomac.asp
there is a paper on lomac:
It seems to be easily installed. Could it be useful for e-smith?
hc
Several projects have demonstrated that kernel-resident Mandatory
Access Control (MAC) mechanisms can protect the integrity of Free
UNIX systems from malicious code and users. However, implementations
of these mechanisms have traditionally required invasive kernel
modifications, sometimes coupled with supporting modifications of
user-space utilities, as well. This requirement has hindered the
adoption of MAC mechanisms in the mainstream Free UNIX community.
Adoption has been further discouraged by the difficulty of starting
small and evolving towards a complete MAC solution - in general,
the complete set of extensive modifications must be made before
MAC can provide any useful protection.

LOMAC is an attempt to make an easily-adoptable form of MAC integrity
protection available to the Free UNIX community without the discouraging
necessity of kernel modifications. LOMAC implements a simple form
of MAC integrity protection based on Biba's Low Water-Mark model
in a Linux Loadable Kernel Module (LKM). Although it trades off
some of the advanced MAC features found in traditional MAC implementations,
LOMAC provides useful integrity protection without any modifications
to the kernel, applications, or their existing configurations. LOMAC
is designed to be compatible with existing software, and ships with
a one-size-fits-all default configuration. LOMAC may be used to
harden currently-deployed Linux systems simply by loading the LKM
into the kernel shortly after boot time.
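
The Low Water-Mark rule the abstract refers to, as an added user-space sketch that is not part of the original post and not LOMAC's code. The two-level lattice (HIGH/LOW), the class names and the object names are assumptions made for the example.

```python
# Added illustration of Biba's Low Water-Mark rules; not LOMAC source code.
from dataclasses import dataclass

HIGH, LOW = 2, 1  # assumed two-level integrity lattice for this example


@dataclass
class Obj:
    name: str
    level: int
    data: str = ""


@dataclass
class Subject:
    name: str
    level: int = HIGH

    def read(self, obj: Obj) -> str:
        # Reads are always permitted, but the subject's level drops to the
        # minimum of its own level and the object's (the "low water mark").
        self.level = min(self.level, obj.level)
        return obj.data

    def write(self, obj: Obj, data: str) -> bool:
        # No write-up: a subject may modify only objects at or below its level.
        if obj.level > self.level:
            return False
        obj.data = data
        return True


def demo() -> list:
    """Constructed scenario: a daemon reads network input, then tries to
    modify a high-integrity system file."""
    passwd = Obj("/etc/passwd", HIGH, "root:x:0:0")
    net = Obj("network socket", LOW, "untrusted bytes")
    tmp = Obj("/tmp/scratch", LOW)
    daemon = Subject("daemon")

    results = [daemon.write(passwd, "root:x:0:0:admin")]  # allowed while HIGH
    daemon.read(net)                                        # demotes daemon
    results.append(daemon.level == LOW)
    results.append(daemon.write(passwd, "tampered"))        # denied: write-up
    results.append(daemon.write(tmp, "ok"))                 # allowed: same level
    results.append(passwd.data)                             # file unchanged
    return results


if __name__ == "__main__":
    print(demo())
```

The point to notice is that the denial depends on the process's history, not its identity: the same daemon could write the file before it touched low-integrity input.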