<p><b> Binzhou University</b></p><p><b> Professional Foreign-Language Translation</b></p><p><b> May 8, 2011</b></p>
<p> Linux security module (LSM)</p>
<p> Linux security module (LSM) is a lightweight, general-purpose access control framework for the Linux kernel. This paper introduces the background, design ideas and implementation of Linux security module (LSM), and explains how to use it to enhance the security of a Linux system: on the one hand, the interface intended for kernel developers and security researchers; on the other hand, the modules intended for ordinary users, and how to use them. If the reader has </p>
<p> 1. Background: why and what </p>
<p> In recent years the Linux system has attracted wide attention and use in the computer industry because of its excellent performance and stability, the flexibility and extensibility that come with open source, and its low cost. In terms of security, however, the Linux kernel provides only the classic UNIX discretionary access control (the root user, user IDs, and mode-bit security mechanisms) and partial support for the capabilities security mechanism of the POSIX.1e draft standard, and for the security of the Linux system this is not en</p>
<p> Many security access control models and frameworks have been studied and developed to enhance the security of Linux; the better-known ones include Security-Enhanced Linux (SELinux), Domain and Type Enforcement (DTE), and the Linux Intrusion Detection System (LIDS). But no single system has gained a dominant enough position to enter the Linux kernel as a standard; and most of these systems are provided as kernel patches in various forms, so using them requires the ability to compile and customize a kernel, for</p>
<p> Linux security module (LSM) is a lightweight, general-purpose access control framework for the Linux kernel. It allows different security access control models to be implemented as loadable Linux kernel modules, so users can choose the security module that suits their needs and load it into the Linux kernel, which greatly improves the flexibility and ease of use of the Linux security access control mechanism. At present many well-known enhanced access control systems have been transplant</p>
<p> 2. Design ideas: both sides must be satisfied </p>
<p> The design of Linux security module (LSM) must try to satisfy two groups of people: it should cause as little trouble as possible for those who do not need it, while giving those who do need it useful and efficient functionality. </p>
<p> The kernel developers, represented by Linus Torvalds, set three requirements for Linux security module (LSM): </p>
<p> Truly generic: using a different security model should only require loading a different kernel module </p>
<p> Conceptually simple, minimally invasive to the Linux kernel, efficient, and able to support the existing POSIX.1e capabilities logic as an optional security module </p>
<p> On the other hand, the various Linux security enhancement systems ask of Linux security module (LSM) that it allow them to reimplement their security functions as loadable kernel modules, without an obvious loss of security and without additional system overhead. </p>
<p> To meet these design goals, Linux security module (LSM) places hooks in the kernel code to mediate access to kernel internal objects such as inode nodes, tasks, and open files. A user process executes a system call, which first traverses the Linux kernel's existing logic to find and allocate resources, perform error checking, and pass the classic UNIX discretionary access control; then, just before the Linux kernel attempts to access the internal object, a Linux security mod</p>
<p> On
the other hand, to meet the needs of most existing Linux security enhancement systems, Linux security module (LSM) adopted simplifying design decisions. It currently supports mainly the core function of most existing security enhancement systems: access control; for other security functions that some of these systems require, such as security auditing, it provides only a small amount of support. Linux security module (LSM) currently supports mainly "restricted t</p>
<p> 3. Implementation: modifications to the Linux kernel </p>
<p> Linux security module (LSM) is currently implemented as a Linux kernel patch. It does not itself provide any specific security policy; instead it provides a general infrastructure for security modules, and the security modules implement the specific security policies. It modifies the Linux kernel in five main respects: </p>
<p> Security fields are added to particular kernel data structures </p>
<p> Calls to security hook functions are inserted at various key points in the kernel code </p>
<p> A general security system call is added </p>
<p> Functions are provided that let a kernel module register itself as a security module, or unregister </p>
<p> Most of the capabilities logic is moved into an optional security module </p>
<p> Each of these five modifications is briefly introduced below. </p>
<p> A security field is a pointer of type void *; it lets a security module associate security information with a kernel internal object. The kernel data structures that were modified to include a security field, and the kernel internal objects they represent, are listed below: </p>
<p> task_struct structure: represents a task (process) </p>
<p> linux_binprm structure: represents a program </p>
<p> super_block structure: represents a file system </p>
<p> inode structure: represents a pipe, file, or socket </p>
<p> file structure: represents an open file </p>
<p> sk_buff structure: represents a network buffer (packet) </p>
<p> net_device structure: represents a network device </p>
<p> kern_ipc_perm structure: represents a semaphore, shared memory segment, or message queue </p>
<p> msg_msg: represents a single message </p>
<p> In addition, the msg_msg, msg_queue, and shmid_kernel structures were moved into the two header files include/linux/msg.h and include/linux/shm.h, so that security modules can use these definitions. </p>
<p> Linux security module (LSM) provides two kinds of calls to security hook functions: one kind manages the security fields of kernel objects, and the other mediates access to those kernel objects. The calls are made through hooks; a hook is a function pointer in the global table security_ops, and the type of this global table is the security_operations structure. This structure is defined in the header file include/linux/security.h; it contains the object or the kernel subsystem according </p>
<p> Linux security module (LSM) provides a general security system call that lets security modules write new system calls for security-aware applications. Its style is similar to the existing Linux system call socketcall(): it is a multiplexed system call. This system call is security(), and its parameters are (unsigned int id, unsigned int call, unsigned long *args), where id is the module descriptor, call is the call descriptor, and args is the argument list. This system call the defau</p>
<p> During kernel boot, the Linux security module (LSM) framework is initialized to a set of dummy hook functions that implement the traditional UNIX superuser mechanism. When a security module is loaded, it must use the register_security() function to register itself with the Linux security module (LSM) framework: this function sets the global table security_ops to point to the security module's hook functions, so that the kernel's function pointers to the security module ask a</p>
<p> The Linux kernel currently supports a subset of the POSIX.1e capabilities. One requirement of the Linux security module (LSM) design was to move this functionality into an optional security module. POSIX.1e capabilities provide a way to divide the traditional superuser privileges and assign them to a specific process. Linux security module (LSM) retains the existing capable() interface used to perform capability checks in the kernel, but simplifies the capable() function to a Linux security module (LSM)
hook</p>
<p> 4. Interface description: hooks for kernel developers and security researchers </p>
<p> For kernel developers and security researchers, the value of Linux security module (LSM) is that its interface can be used to port existing security enhancement systems to this framework, so that they can be offered to users as loadable kernel modules; or one can even write a security module that suits one's own needs directly. The interface that Linux security module (LSM) provides is hooks; they initially point to dummy functions that implement the default traditional UNIX superuser mechanism, module wr</p>
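<p> The hook dispatch described in sections 3 and 4, as an added example that is not part of the original paper or of the LSM patch: a user-space C model in which security_ops starts at dummy hooks, register_security() swaps in a module's table, and the hook is consulted only after the classic UNIX check has allowed the access. The two-hook table, the kernel_inode_* helpers, the demo_* module and the -EINVAL return values are assumptions made for illustration. </p>

```c
/* User-space model of the LSM hook mechanism (added example, not kernel code). */
#include <errno.h>
#include <stdio.h>

#define MAY_WRITE 2
#define MAY_READ  4

struct inode {
    unsigned mode;   /* classic UNIX permission bits, simplified */
    void *security;  /* security field: opaque, owned by the module */
};

/* Hook table: one function pointer per mediated operation. */
struct security_operations {
    int (*inode_alloc_security)(struct inode *);        /* manages the field */
    int (*inode_permission)(struct inode *, int mask);  /* mediates access */
};

/* Dummy hooks: add nothing on top of the classic UNIX check. */
static int dummy_alloc(struct inode *i) { i->security = NULL; return 0; }
static int dummy_permission(struct inode *i, int mask) { (void)i; (void)mask; return 0; }
static struct security_operations dummy_ops = { dummy_alloc, dummy_permission };
static struct security_operations *security_ops = &dummy_ops;
static int hook_calls;  /* how often the access hook was consulted */

/* Point the global table at a module's hooks (one module in this model). */
int register_security(struct security_operations *ops)
{
    if (ops == NULL || security_ops != &dummy_ops) return -EINVAL;
    security_ops = ops;
    return 0;
}

int unregister_security(struct security_operations *ops)
{
    if (ops != security_ops) return -EINVAL;
    security_ops = &dummy_ops;  /* fall back to the default behaviour */
    return 0;
}

int kernel_inode_init(struct inode *i, unsigned mode)
{
    i->mode = mode;
    return security_ops->inode_alloc_security(i);
}

/* Kernel-side path: classic check first, hook just before the access. */
int kernel_inode_access(struct inode *i, int mask)
{
    if ((i->mode & (unsigned)mask) != (unsigned)mask)
        return -EACCES;  /* already denied: the module is never asked */
    hook_calls++;
    return security_ops->inode_permission(i, mask);  /* can only restrict */
}

/* Hypothetical module: inodes it has tagged become read-only. */
static int protected_tag;
static int demo_alloc(struct inode *i) { i->security = NULL; return 0; }
static int demo_permission(struct inode *i, int mask)
{
    return (i->security == &protected_tag && (mask & MAY_WRITE)) ? -EPERM : 0;
}
void demo_set_protected(struct inode *i) { i->security = &protected_tag; }
struct security_operations demo_ops = { demo_alloc, demo_permission };

int main(void)
{
    struct inode f;
    kernel_inode_init(&f, MAY_READ | MAY_WRITE);
    register_security(&demo_ops);
    demo_set_protected(&f);
    printf("write to protected inode: %d\n", kernel_inode_access(&f, MAY_WRITE));
    return 0;
}
```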
<p> First are the task hooks. Linux security module (LSM) provides a series of task hooks that let a security module manage the security information of a process and control the operations of a process. A module can use the security field of the task_struct structure to maintain process security information; the task hooks provide hooks that control inter-process communication, such as kill(); hooks that control privileged operations on the current process, such as setuid(); and also provides for resource manage</p>
<p> Second are the program loading hooks. Many security modules, including Linux capabilities, SELinux, and DTE, need the ability to change privileges when a new program is executed. Linux security module (LSM) therefore provides a series of program loading hooks, which are used at key points in the execution of an execve() operation. The security field of the linux_binprm structure lets a security module maintain security information during program loading; hooks are provided that let a security module, when loading a program, bef</p>
<p> Next are the inter-process communication (IPC) hooks. A security module can use the IPC hooks to manage the security information of System V IPC and to enforce access control. The IPC object data structures share a substructure, kern_ipc_perm, and only a pointer to this substructure is passed to the existing ipcperms() function for the permission check, so Linux security module (LSM) adds a security field to this shared substructure. In order to support a single message safe</p>
<p> Below are the file system hooks. For file operations, three sets of hooks are defined: file system hooks, inode hooks, and file hooks. Linux security module (LSM) adds a security field to each of the three corresponding kernel data structures: the super_block structure, the inode structure, and the file structure. The super-block file system hooks let a security module control operations on an entire file system, such as mount, unmount, and statfs(). Linux security module (LSM) in permission</p>
<p> Next are the network hooks. Application-layer access to the network is mediated by a series of socket hooks, which cover essentially all socket-based protocols. Because every active user socket has an associated inode structure, no security field was added to the socket structure or to the lower-level sock structure. The socket hooks provide general mediation of network access for the process concerned, thereby significantly extending the kernel's network access control frame</p>
<p> Last are the other hooks. Linux security module (LSM) provides two further series of hooks: module hooks and top-level system hooks. Module hooks are used to control the kernel operations that create, initialize, and remove kernel modules. System hooks are used to control system operations such as setting the host name, accessing I/O ports, and configuring process accounting. Although the Linux kernel currently provides some support for these system operations through capability checks, these checks for different</p>
<p> 5. Module description: ready-made security functions for ordinary users </p>
<p> For ordinary users, the value of Linux security module (LSM) is that it can offer a variety of security modules, from which users choose the ones that suit their needs and load them into the kernel to obtain specific security functions. Linux security module (LSM) itself provides only the mechanism for enhanced access control policies; the various security modules implement the specific security policies. Some security modules that have already been implemented are briefly introduced below. </p>
<p> SELinux. This is a
Linux implementation of the Flask flexible access control architecture, providing type enforcement, role-based access control, and optional multilevel security policy. SELinux was originally implemented as a kernel patch and has now been reimplemented as a security module using Linux security module (LSM). SELinux can be used to confine processes to least privilege, protect the integrity and confidentiality of processes and data, and support application security needs. </p>
<p> DTE Linux. This is an implementation of Domain and Type Enforcement on Linux. Like SELinux, DTE Linux was originally implemented as a kernel patch and has now been reimplemented as a security module using Linux security module (LSM). When the security module is loaded into the kernel, types are assigned to objects and domains are assigned to processes. The DTE policy restricts access between domains and from domains to types. </p>
<p> LSM port of the Openwall kernel patch. The Openwall kernel patch provides a collection of security features that protect the system against attacks such as buffer overflows and temporary file races. A security module is being developed to support a subset of the Openwall patch. </p>
<p> POSIX.1e capabilities. The Linux kernel already contained POSIX.1e capabilities logic, but Linux security module (LSM) separates this logic into a security module. This change lets users who do not need the function omit it from their kernel, and also lets the development of the capabilities logic proceed with greater independence from kernel development. </p>
<p> LIDS. This is a project started by Xie Huagang of China. It began as an intrusion detection system and then gradually evolved into doing intrusion prevention in the form of an access control system; it performs access control by describing which files a given program can access. Likewise, LIDS was originally implemented as a kernel patch together with some management tools, and has now been reimplemented as a security module using Linux security module (LSM). </p>
<p> And of course there is the default traditional superuser mechanism. This security module is the default of Linux security module (LSM) and implements the traditional UNIX superuser privilege mechanism. </p>
<p> 6. Specific usage: step by step </p>
<p> Linux security module (LSM) is currently implemented as a Linux
kernel patch released under the GPL license, for users to use freely. </p>
<p> First, users can download from http://lsm.immunix.org/lsm_download.html the LSM patch corresponding to the Linux 2.4 stable version and the Linux 2.5 development version. For example, with the kernel source in the directory /path/to/linux-2.4.x, the following commands apply the LSM patch to the Linux kernel: </p>
<p> # cd /path/to/linux-2.4.x </p>
<p> # zcat /path/to/patch-2.4.x-lsm.gz | patch -p1 </p>
<p> Users can then go to http://lsm.immunix.org/lsm_modules.html, the site for implemented security modules, download the security module they need, and load it into the Linux kernel so that the desired security policy takes effect, thereby improving the security of the system. The installation method for specific security modules is skipped here; each security module provides detailed installation instruction files that users can refer to, such as SELinux security module installation instructi</p>
<p> If users have background knowledge and development experience related to the Linux kernel and security, they can write their own security modules and security policies according to their needs. At http://lsm.immunix.org/lsm_bk.html they can track and check out the source code of Linux security module (LSM) and of existing security modules, and refer to their implementations when writing their own security module. In this way, while meeting their own security requirements, they can also for Linux security module (LSM) development mak</p>
<p> 7. Concrete usage instructions: step by step </p>
<p> Linux security module (LSM) came about because, on the one hand, the existing security mechanisms of the Linux kernel are not enough; on the other hand, the existing security enhancement systems are hard to use. Linux security module (LSM) solves this problem well: on the one hand, the patch to the kernel is small, the source code changes have little impact, and the overhead introduced is not large; on the other hand, it provides better interface support for existing security enhancement systems, and has many good security mo</p>
<p> Linux security module (LSM)</p>
<p> Linux security module (LSM) is a lightweight, general-purpose access control framework for the Linux kernel. This article introduces the background, design ideas and implementation of Linux security module (LSM), and explains how to use it to enhance the security of a Linux system: on the one hand, the interface intended for kernel developers and security researchers; on the other hand, the modules intended for ordinary users, and the specific usage. If the reader has Linux
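kernel and security background knowledge, it will help in understanding this article; if not, the three articles on IBM dW listed in the references at the end of this article can be read first.</p>
<p> 1. Background: why and what</p>
<p> In recent years the Linux system has received wide attention and use in the computer industry because of its excellent performance and stability, the flexibility and extensibility that come with open source, and its relatively low cost. In terms of security, however, the Linux kernel provides only the classic UNIX discretionary access control (the root user, user IDs, and mode-bit security mechanisms) and partial support for the capabilities security mechanism of the POSIX.1e draft standard. This is not enough for the security of the Linux system, and it has affected the further development and wider application of Linux.</p>
<p> Many security access control models and frameworks have been studied and developed to enhance the security of the Linux system; the better-known ones include Security-Enhanced Linux (SELinux), Domain and Type Enforcement (DTE), and the Linux Intrusion Detection System (LIDS). However, no single system has gained a dominant enough position to enter the Linux kernel as a standard; moreover, most of these systems are provided as various kernel patches, so using them requires the ability to compile and customize a kernel, and obtaining and using them is difficult for ordinary users without kernel development experience. At the 2001 Linux Kernel Summit, the US National Security Agency (NSA) presented its work on Security-Enhanced Linux (SELinux), an implementation in Linux of the flexible access control architecture Flask. Linus Torvalds, the creator of the Linux kernel, agreed at the time that the Linux kernel does need a general security access control framework, but he pointed out that it would best be done through loadable kernel modules, so that the various existing security access control systems could be supported. Linux security module (LSM) came into being as a result.</p>
<p> Linux security module (LSM) is a lightweight, general-purpose access control framework for the Linux kernel. It allows different security access control models to be implemented as loadable Linux kernel modules; users can choose a suitable security module according to their needs and load it into the Linux kernel, which greatly improves the flexibility and ease of use of the Linux security access control mechanism. Many well-known enhanced access control systems have already been ported to Linux security module (LSM), including POSIX.1e capabilities, Security-Enhanced Linux (SELinux), Domain and Type Enforcement (DTE), and the Linux Intrusion Detection System (LIDS). Although Linux security module (LSM) is still provided as a Linux kernel patch, it is available for both the Linux 2.4 stable series and the Linux 2.5 development series, and it is very likely to enter the Linux 2.6 stable version and so achieve its goal: to be accepted by the Linux kernel as the standard for Linux kernel security mechanisms and provided to users in the various Linux distributions.</p>
<p> 2. Design ideas: both sides must be satisfied</p>
<p> The design of Linux security module (LSM) must try to satisfy two groups of people: it should cause as little trouble as possible for those who do not need it, while giving those who do need it useful and efficient functionality. </p>
<p> The kernel developers, represented by Linus Torvalds, set three requirements for Linux security module (LSM):</p>
<p> Truly generic: using a different security model should only require loading a different kernel module</p>
<p> Conceptually simple, minimally invasive to the Linux kernel, efficient, and able to support the existing POSIX.1e capabilities logic as an optional security module</p>
<p> On the other hand, the various Linux security enhancement systems ask of Linux security module (LSM) that it allow them to reimplement their security functions as loadable kernel modules, without an obvious loss of security and without additional system overhead.</p>
<p> To meet these design goals, Linux security module (LSM) places hooks in the kernel source code to mediate access to kernel internal objects; these objects include tasks, inode nodes, open files, and so on. A user process executes a system call, which first traverses the Linux kernel's existing logic to find and allocate resources, perform error checking, and pass the classic UNIX discretionary access control; then, just before the Linux kernel attempts to access the internal object, a Linux security module (LSM) hook makes a call to a function that the security module must provide, thereby asking the security module the question "Is this access allowed?". The security module makes a decision according to its security policy and answers: allow, or deny and return an error.</p>
<p> On the other hand, to meet the needs of most existing Linux security enhancement systems, Linux security module (LSM) adopted simplifying design decisions. It currently supports mainly the core function of most existing security enhancement systems: access control; for other security functions that some of these systems require, such as security auditing, it provides only a small amount of support. Linux security module (LSM) currently supports mainly "restrictive" access control decisions: when the Linux kernel grants access, Linux security module (LSM) may deny it, and when the Linux kernel denies access, Linux security module (LSM) is skipped altogether; the opposite, "permissive" access control decisions receive only a small amount of support. For composing module functionality, Linux security module (LSM) allows module stacking but leaves most of the work to the modules themselves: the first module loaded makes the final decision on how module functionality is composed. All these design decisions may temporarily limit the functionality and flexibility of Linux security module (LSM), but they greatly reduce the complexity of its implementation and the changes to and impact on the Linux kernel, which greatly increases its chance of entering the Linux kernel as the standard security mechanism; once it has become the standard, the decisions can be changed to add functionality and flexibility.</p>
<p> 3. Implementation: modifications to the Linux kernel</p>
<p> Linux security module (LSM) is currently implemented as a Linux kernel patch. It does not itself provide any specific security policy; instead it provides a general infrastructure for security modules, and the security modules implement the specific security policies. It modifies the Linux kernel in five main respects:</p>
<p> Security fields are added to particular kernel data structures</p>
<p> Calls to security hook functions are inserted at various key points in the kernel source code</p>
<p> A general security system call is added</p>
<p> Functions are provided that let a kernel module register itself as a security module, or unregister</p>
<p> Most of the capabilities logic is moved into an optional security module</p>
<p> Each of these five modifications is briefly introduced below.</p>
<p> A security field is a pointer of type void*; it lets a security module associate security information with a kernel internal object. The kernel data structures that were modified to include a security field, and the kernel internal objects they represent, are listed below:</p>
<p> task_struct structure: represents a task (process)</p>
<p> linux_binprm structure: represents a program</p>
<p> super_block structure: represents a file system</p>
<p> inode structure: represents a pipe, file, or socket</p>
<p> file structure: represents an open file</p>
<p> sk_buff structure: represents a network buffer (packet)</p>
<p> net_device structure: represents a network device</p>
<p> kern_ipc_perm structure: represents a semaphore, shared memory segment, or message queue</p>
<p> msg_msg: represents a single message</p>
<p> In addition, the msg_msg, msg_queue, and shmid_kernel structures were moved into the two header files include/linux/msg.h and include/linux/shm.h, so that security modules can use these definitions.</p>
<p> Linux security module (LSM) provides two kinds of calls to security hook functions: one kind manages the security fields of kernel objects, and the other mediates access to those kernel objects. The calls to security hook functions are made through hooks; a hook is a function pointer in the global table security_ops, the type of this global table is the security_operations structure, and this structure is defined</p>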