Supporting the secure halting of user sessions and processes in the Linux operating system

Abstract

One feature of a multi-level operating system is a requirement to manage multiple, simultaneous user-sessions at different levels of security. This session management is performed through a trusted path between the user and operating system. Critical to this functionality is the operating system's ability to temporarily halt dormant sessions, thereby ensuring their inability to perform any actions within the system. Only when a session must be reactivated are its processes returned to a runnable state. This thesis presents an approach for adding this "secure halting" functionality to the Linux operating system. A detailed design for modifying the Linux kernel, the core of the operating system, is given. A new module, allowing an entire session to be halted and woken up, is designed. A new process state, the "secure halt" state, is added. Additionally, the kernel's scheduling manager is modified to properly manage processes in the secure halt state. The research has led to the implementation of the design as a proof of concept. This research is meant to be used in combination with other efforts to enhance the security of the Linux operating system