Hi, I am researching how to make multiple security modules cooperate in LSM.

As we know, LSM provides the stacker module to stack modules. This approach has a shortcoming: stacker cannot handle the relationships between different modules.

Now I want to find a way to compose multiple security modules. Different modules have different relationships on an LSM hook. The relations include: and, or, override. I think that a configuration file describing the relationships between modules can be set up first. At boot, the kernel reads this configuration file and checks it. When a hook is called, the return value comes from the composed result.

But the problems are:

(1) How to determine the relationship between modules on a hook? In high-level policy specifications, there are meta-policies. But where can this meta-policy come from in LSM? The high-level security module can be DAC, MAC, RBAC, TE.

(2) How to organize the kernel modules in LSM, such as in arrays or a list? If using arrays, how to know the maximum size of the array? If using a list, it is not flexible.

I do not know whether my purpose is expressed clearly. I am wondering about this work now. Please give me some hints.

Yuan Chunyang (Ph.D candidate)
Open System & Chinese Information Processing Center
Institute of Software, Chinese Academy of Sciences
P.O.Box 8718 Beijing 100080 P.R.China
Email: chunyang03@xxxxxx
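
A user-space model of the per-hook composition described in the message above, as an added example that is not part of the original post and not LSM or stacker code. Assumptions: a hook returns 0 to allow and a negative errno to deny; "and" means every module must allow, "or" means one allow is enough, "override" means the first listed module decides; the names compose_hook, hook_policy, MAX_MODULES and the two sample modules are hypothetical.

```c
#include <errno.h>
#include <stddef.h>

#define MAX_MODULES 4                     /* assumed fixed bound per hook */
enum relation { REL_AND, REL_OR, REL_OVERRIDE };
typedef int (*hook_fn)(const void *ctx);  /* 0 = allow, negative errno = deny */

struct hook_policy {
    enum relation rel;          /* relation taken from the configuration file */
    size_t n;                   /* number of registered modules */
    hook_fn mods[MAX_MODULES];  /* for REL_OVERRIDE, mods[0] decides */
};

/* Compose the modules' decisions for one hook call; fails closed. */
int compose_hook(const struct hook_policy *p, const void *ctx)
{
    int rc, first_deny = 0;
    size_t i;

    if (p == NULL || p->n == 0 || p->n > MAX_MODULES)
        return -EINVAL;         /* malformed policy is treated as deny */
    switch (p->rel) {
    case REL_AND:               /* first denial wins */
        for (i = 0; i < p->n; i++)
            if ((rc = p->mods[i](ctx)) != 0)
                return rc;
        return 0;
    case REL_OR:                /* first allow wins, else report first denial */
        for (i = 0; i < p->n; i++) {
            rc = p->mods[i](ctx);
            if (rc == 0) return 0;
            if (first_deny == 0) first_deny = rc;
        }
        return first_deny;
    case REL_OVERRIDE:          /* only the overriding module is consulted */
        return p->mods[0](ctx);
    }
    return -EINVAL;             /* unknown relation is treated as deny */
}

/* Constructed sample modules: one always allows, one always denies. */
static int dac_allow(const void *ctx) { (void)ctx; return 0; }
static int mac_deny(const void *ctx)  { (void)ctx; return -EACCES; }

/* Compose the two sample modules under the given relation. */
int demo(enum relation rel)
{
    struct hook_policy p = { rel, 2, { dac_allow, mac_deny } };
    return compose_hook(&p, NULL);
}
```

Note how "or" and "override" let a permissive module mask a denial from another one, which is why the model denies on any malformed or unknown policy entry.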