ENCRYPTIoN

Encryption

[Name of the writer]

[Name of the institution]

ABSTRACT

The access control mechanisms of existing mainstream operating systems are inadequate to provide strong system security. Enhanced access control mechanisms have failed to win acceptance into mainstream operating systems due in part to a lack of consensus within the security community on the right solution. Since generalpurpose operating systems must satisfy a wide range of user requirements, any access control mechanism integrated into such a system must be capable of supporting many different access control models. The Linux Security Modules (LSM) project has developed a lightweight, general purpose, access control framework for the mainstream Linux kernel that enables many different access control models to be implemented as loadable kernel modules. A number of existing enhanced access control implementations, including Linux capabilities, Security- Enhanced Linux (SELinux), and Domain and Type Enforcement (DTE), have already been adapted to use the LSM framework. This paper presents the design Security System for Linux and implementation of LSM and discusses the challenges in providing a truly general solution that minimally impacts the Linux kernel.

TABLE OF CONTENTS

ABSTRACTii

Introduction1

Security System for Linux2

Looking for online money managemento6

Enigmail8

Hushmail8

Lockbin8

Microsoft outlook9

Conclusion12

References13

Encryption

Introduction

The critical role of Linux systems protection mechanisms in providing system security has been wellunderstood for over thirty years, yet the access control mechanisms of existing mainstream operating systems are still inadequate to provide strong security. Although many enhanced access control models and frameworks have been proposed and implemented, mainstream operating systems typically still lack support for these enhancements. In part, the absence of such enhancements is due to a lack of agreement within the security community on the right general solution. Like many other general-purpose operating systems, the Linux kernel only provides discretionary access controls and lacks any direct support for enhanced access control mechanisms. However, Linux has long supported dynamically loadable kernel modules, primarily for device drivers, but also for other components such as filesystems. In principle, enhanced access controls could be implemented as Linux kernel modules, permitting many different security models to be supported. In practice, creating effective security modules is problematic since the kernel does not provide any infrastructure to allow kernel modules to mediate access to kernel objects. As a result, kernel modules typically resort to system call interposition to control kernel operations, which has serious limitations as a method for providing access control. Furthermore, these kernel modules often require re-implementing selected kernel functionality or require a patch to the kernel to support the module, reducing much of the value of modular composition.

Hence, many projects have implemented enhanced access control frameworks or models for the Linux kernel as kernel patches. At the Linux Kernel 2.5 Summit, the NSA presented their work on Security-Enhanced Linux (SELinux), an implementation of a flexible access control architecture in the Linux kernel, and emphasized the need for such support in the mainstream Linux kernel. Linus Torvalds appeared to accept that a general access control framework for the Linux kernel is needed, but favored a new infrastructure that would provide the necessary support to kernel modules for ...