Supporting the secure halting of user sessions and processes in the Linux operating system
Brock, Jerome P.
Clark, Paul C.
Irvine, Cynthia E.
MetadataShow full item record
One feature of a multi-level operating system is a requirement to manage multiple, simultaneous user-sessions at different levels of security. This session management is performed through a trusted path between the user and operating system. Critical to this functionality is the operating system's ability to temporarily halt dormant sessions, thereby ensuring their inability to perform any actions within the system. Only when a session must be reactivated are its processes returned to a runnable state. This thesis presents an approach for adding this "secure halting" functionality to the Linux operating system. A detailed design for modifying the Linux kernel, the core of the operating system, is given. A new module, allowing an entire session to be halted and woken up, is designed. A new process state, the "secure halt" state, is added. Additionally, the kernel's scheduling manager is modified to properly manage processes in the secure halt state. The research has led to the implementation of the design as a proof of concept. This research is meant to be used in combination with other efforts to enhance the security of the Linux operating system
Showing items related by title, author, creator and subject.
Anderson, Kevin S.; Murphy, David J. (2001-06);This thesis examines the limits to on-board training and readiness imposed upon the submarine community by manual data collection and record systems. It proposes an integration of web-based applications under the Balanced ...
Smith, Kevin R. (Monterey, California. Naval Postgraduate School, 2002-03);Security engineering requires a combination of features and assurance to provide confidence that security policy is correctly enforced. Rigorous engineering principles are applicable across a broad range of systems. The ...
Nguyen, Thuy D.; Levin, Timothy E.; Irvine, Cynthia E.; Benzel, Terry V.; Bhaskara, Ganesha (Monterey, California. Naval Postgraduate School, 2006-09); NPS-CS-06-014This document describes a set of preliminary high level security requirements for the SecureCore hardware base (SCHW). A SecureCore (SC) component is anticipated to be a mobile networked device capable of operating in ...