Reflections on the virtues of modularity: a case study in linux security modules

Authors:
Andrew Blaich;Douglas Thain;Aaron Striegel
Affiliations:
Department of Computer Science and Engineering, University of Notre Dame, Notre Dame, IN 46556, U.S.A.;Department of Computer Science and Engineering, University of Notre Dame, Notre Dame, IN 46556, U.S.A.;Department of Computer Science and Engineering, University of Notre Dame, Notre Dame, IN 46556, U.S.A.
Venue:
Software—Practice & Experience
Year:
2009

Citing 0
Cited 1

Message filters for hardening the Linux kernel

Software—Practice & Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

Developing a modular system that properly supports a range of security models is challenging. The work presented here details our experiences with the modular Linux security framework called Linux Security Modules, or LSMs. Throughout our experiences we discovered that the developers of the LSM framework made certain tradeoffs for speed and simplicity during implementation, and consequently leaving the framework incomplete. Our experiences show at which points the theory of the LSM differs from reality, and details how these differences play out when developing and using a custom LSM. Copyright © 2009 John Wiley & Sons, Ltd.