Enhancing access control with SysGuard, a reference monitor supporting portable and composable kernel module

• Published in: 2002 Pacific Rim International Symposium on Dependable Computing, 2002. Proceedings pp. 167 - 176
• Main Authors: Shinjo, Y., Eiraku, K., Suzuki, A., Itano, K., Pu, C.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 2002
• Subjects: Access control; Computer bugs; Computer networks; Educational institutions; Guidelines; Kernel; Monitoring; Operating systems; Portable computers; Security
• ISBN: 0769518524; 9780769518527
• DOI: 10.1109/PRDC.2002.1185635

To install security modules or reference monitors into operating system kernels is a common and effective way for enhancing access control for networks. However, security modules in conventional kernel-level reference monitors are usually not portable to other kernels and require detailed knowledge about kernel internals. Furthermore, different security modules are often not composable and conflict with each other. This paper describes a reference monitor called SysGuard that addresses these problems. SysGuard uses modules called guards that are invoked before or after the execution of system calls. Unlike kernel-specific security modules, guards are attached to standard system calls that enhance their portability. The guard scoping on a per-process basis improves composability of individual guards, and it is implemented efficiently by using a per-process jump table of system calls. This paper describes the implementation of restricted execution environments for networks by composing simple and portable guards, and shows the advantages of the SysGuard security framework.