Supporting the secure halting of user sessions and processes in the Linux operating system
ADA393629.pdf (2.090Mb)Abstract
One feature of a multi-level operating system is a requirement to manage multiple, simultaneous user-sessions at different levels of security. This session management is performed through a trusted path between the user and operating system. Critical to this functionality is the operating system's ability to temporarily halt dormant sessions, thereby ensuring their inability to perform any actions within the system. Only when a session must be reactivated are its processes returned to a runnable state. This thesis presents an approach for adding this "secure halting" functionality to the Linux operating system. A detailed design for modifying the Linux kernel, the core of the operating system, is given. A new module, allowing an entire session to be halted and woken up, is designed. A new process state, the "secure halt" state, is added. Additionally, the kernel's scheduling manager is modified to properly manage processes in the secure halt state. The research has led to the implementation of the design as a proof of concept. This research is meant to be used in combination with other efforts to enhance the security of the Linux operating system
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
A FRAMEWORK FOR DETECTION AND RESPONSE TO COMMUNICATIONS AND SENSOR ANOMALIES IN NETWORKED SHIP DEFENSE SYSTEMS
(Monterey, CA; Naval Postgraduate School, 2019-12);This work addresses the need to secure and defend Navy data from communications and sensor channels that are crucial to weapon and combat systems such as the Cooperative Engagement Capability (CEC). It suggests a solution ... -
COTS Solution for Adaptive Communications Paths Using Tactical Handhelds
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-M244-BCOTS handheld devices have multiple radios (such as Bluetooth, WiFi Direct, WiFi, Cellular 2/3/4/5G) built into them. Using all of these radios simultaneously can provide great flexibility in communications in limited yet ... -
COTS Solution for Adaptive Communications Paths Using Tactical Handhelds
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-M244-BCOTS handheld devices have multiple radios (such as Bluetooth, WiFi Direct, WiFi, Cellular 2/3/4/5G) built into them. Using all of these radios simultaneously can provide great flexibility in communications in limited yet ...
