Design patterns: elements of reusable object-oriented software
Design patterns: elements of reusable object-oriented software
Message filters for object-oriented systems
Software—Practice & Experience
SIGMETRICS '97 Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Characteristics of application software maintenance
Communications of the ACM
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Remus: a security-enhanced operating system
ACM Transactions on Information and System Security (TISSEC)
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Janus: an Approach for Confinement of Untrusted Applications
Janus: an Approach for Confinement of Untrusted Applications
Pattern Classification (2nd Edition)
Pattern Classification (2nd Edition)
Robust Real-Time Face Detection
International Journal of Computer Vision
Categorization of Common Coupling and Its Application to the Maintainability of the Linux Kernel
IEEE Transactions on Software Engineering
Kernel korner: kprobes-a kernel debugger
Linux Journal
Using Continuous Biometric Verification to Protect Interactive Login Sessions
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Nooks: an architecture for reliable device drivers
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Cohesion Analysis in Linux Kernel
APSEC '06 Proceedings of the XIII Asia Pacific Software Engineering Conference
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Exploiting concurrency vulnerabilities in system call wrappers
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Journal of Cognitive Neuroscience
Object-oriented wrappers for the Linux kernel
Software—Practice & Experience
Reflections on the virtues of modularity: a case study in linux security modules
Software—Practice & Experience
| Hi-index | 0.01 |
Various mechanisms for hardening the Linux kernel (for example, enforcing system call policies, device driver failure recovery, protection against exploitation of bugs in code) are proposed in the literature. The main problem with these mechanisms is that, they require changes in the kernel code leading to the possibility of introducing new bugs and hence increasing the testing time. We propose a message filter model as an extension to object-oriented wrappers for the Linux kernel, to dynamically provide various filtering capabilities to the kernel. This model works as a comprehensive framework for specifying system call policies, handling device driver faults, protecting the kernel against exploits of bugs in code etc, without modifying the existing kernel code. This considerably reduces the possibility of creating new bugs in the kernel code. We have integrated policies for system call interception and device driver failure handling, into the Linux kernel (2.6.9), using message filter model. Our experiments show that the overhead due to our filter objects is very low, making it a useful mechanism for providing filtering capabilities to the Linux kernel. Copyright © 2010 John Wiley & Sons, Ltd.