A master thesis from Aalborg University
Umbrella, We cant prevent the rain - But we dont get wet
Forfatter(e)
Semester
4. semester
Uddannelse
Udgivelsesår
2004
Afleveret
2012-02-14
Abstract
This masters thesis describes the Umbrella security mechanism for Linux on handhelds. Umbrella implements a combination of process based mandatory access control and authentication of files. Umbrella is implemented on top of the Linux Security Modules framework in Linux kernel 2.6. A HP iPAQ PDA has been used for implementation and testing purposes. The mandatory access control scheme is enforced at process level, by a set of restrictions for each process, where every process has at least the restrictions of its parent. When a process spawns a new child process, it is possible for the programmer to specify a more restrictive context for this child. Thus, it is possible for the programmer to enforce the principle of least privilege for possibly dangerous child processes. Vendors provides signed executables by means of public key cryptography. The signature consists of a set of restrictions to be set on time of execution and a hash value of the executable. The latter enables Umbrella to check if the file has been altered. The process based MAC part of Umbrella have been successfully implemented, and file system relevant implementation is pending work. Furthermore, Umbrella have been benchmarked for performance and methods for verifying LSM have been investigated.
Kolofon: Denne side er en del af AAU Studenterprojekter — Aalborg Universitets studenterprojektportal. Her kan du finde og downloade offentligt tilgængelige kandidatspecialer og masterprojekter fra hele universitetet fra 2008 og frem. Studenterprojekter fra før 2008 kan findes i trykt form på Aalborg Universitetsbibliotek.
Har du spørgsmål til AAU Studenterprojekter eller Aalborg Universitets forskningsregistrering, formidling og analyse, er du altid velkommen til at kontakte VBN-teamet. Du kan også læse mere i AAU Studenterprojekter FAQ.