Stephen Johnson

Applicability of low water-mark mandatory access control security in Linux-based advanced networked consumer electronics

Linux is an open source operating system that is rapidly gaining popularity in consumer electronic devices, especially in digital audio and video devices. However, with its success in the market, there is a greater need for security. We present a Trojan attack scenario that compromises the security of a Linux-based networked appliance. Then, we demonstrate how a simple low water-mark mandatory access control (LOMAC) module can protect the system against such attacks. However, LOMAC implements this access control by interposition at the kernels system call interface and uses implicit attribute mapping to map security attributes to files, which is invasive. We present a LOMAC implementation as a Linux security module (LSM), a new framework for providing standard interfaces to loadable security modules for the Linux kernel.

An operating system security method for integrity and privacy protection in consumer electronics

Linux is an open source operating system that is rapidly gaining popularity in consumer electronic devices. It has started being deployed in mobile phones and digital audio and video devices. However, with its success in the market, there is a greater need for security. The traditional Discretionary Access Control (DAC) model does not provide adequate security support. Mandatory Access Control (MAC) models can provide additional security in addition to the DAC scheme. However, some of the existing MAC schemes are too complex to be used in embedded devices, while others are simple yet do not provide fine-grained access control. In this paper, we present a MAC model that grants subjects permissions based on their past behavior. It is simple but it also provides a fine-grained access control to the operating system. With its small footprint, it can be applied to various systems, including embedded devices.