Evaluation of Performance of Secure OS Using Performance Evaluation Mechanism of LSM-Based LSMPMON

• Published in: Security Technology, Disaster Recovery and Business Continuity Vol. 122; pp. 57 - 67
• Main Authors: Yamamoto, Kenji, Yamauchi, Toshihiro
• Format: Book Chapter
• Language: English
• Published: Germany Springer Berlin / Heidelberg 2010; Springer Berlin Heidelberg
• Series: Communications in Computer and Information Science
• Subjects: Linux; LSM; Performance Evaluation; Secure OS
• ISBN: 3642176097; 9783642176098
• ISSN: 1865-0929; 1865-0937
• DOI: 10.1007/978-3-642-17610-4_7

Security focused OS (Secure OS) is attracting attention as a method for minimizing damage caused by various intrusions. Secure OSes can restrict the damage due to an attack by using Mandatory Access Control (MAC). In some projects, secure OSes for Linux have been developed. In these OSes, different implementation methods have been adopted. However, there is no method for easily evaluating the performance of the secure OS in detail, and the relationship between the implementation method and the performance is not clear. The secure OS in Linux after version 2.6 has often been implemented by Linux Security Modules (LSM). Therefore, we determine the effect of introducing the secure OS on the performance of the OS, and a characteristic by the difference of the implementation method by using the overhead measurement tool, the LSM Performance Monitor (LSMPMON); the LSMPMON can be used to evaluate three different secure OSes.