* RFC - Kernel Process Firewall
From: raj @ 2003-12-25 6:01 UTC (permalink / raw)
To: linux-kernel
Folks,
I have been working on a project called "Kernel Process Firewall (KPF)"
that is nearing completion. The goal of the project is to provide users
the ability to trace, monitor and control the system calls made by any
process. I expect KPF to be of great value to system administrators,
security analysts and researchers in general and solicit your comments.
Some of you may have seen version 0.1 of the RFC which I mailed out
earlier this month, just before I started work on the project. I have
added more details in version 0.2, which is available from
http://www.cs.wisc.edu/~raj/comminst/RFC
If any of you'd be interested in accessing the code, I'll make it available.
Thanks in advance,
Raj
* Re: RFC - Kernel Process Firewall
From: David Wagner @ 2003-12-30 23:49 UTC (permalink / raw)
To: linux-kernel
raj wrote:
>I have been working on a project called "Kernel Process Firewall (KPF)"
>that is nearing completion. The goal of the project is to provide users
>the ability to trace, monitor and control the system calls made by any
>process.
Some comments:
1) There's a great deal of related and prior work in this area.
Take a look, for instance, at Janus, consh, MapBox, SubDomain, Ostia, ...
http://www.cs.berkeley.edu/~daw/janus/
2) There are some real problems with using system call interception
for this purpose. There are TOCTTOU races, synchronization issues, ...
http://www.stanford.edu/~talg/papers/pubs.html
3) Have you looked at the LSM (Linux Security Modules) project?
It looks to me like this is what you want to be using, and it avoids
the problems with system call interposition.
http://lsm.immunix.org/
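The race David Wagner refers to in point 2, as an added example that is not code from KPF, Janus or any of the projects cited above: a toy C model of a syscall interposer that validates the pathname argument of open() and then lets the real handler fetch that argument from user memory a second time. The policy (allow only /tmp/), the buffer names, the racer and the simulated preemption point are all assumptions for illustration; the point is the two fetches, and the hardened variant that fetches once.

```c
#include <stdio.h>
#include <string.h>

#define ARG_LEN 64

/* Constructed stand-in for the monitored process's user memory: the buffer
   the process passes as the pathname argument of open(). */
static char user_mem[ARG_LEN];

/* Record of what the simulated kernel actually opened ("" when denied). */
static char opened[ARG_LEN];

/* Toy firewall rule (assumption): the process may only open files under /tmp/. */
static int policy_allows(const char *path)
{
    return strncmp(path, "/tmp/", 5) == 0;
}

/* Stand-in for copy_from_user(): every fetch re-reads user memory as it is
   at that moment, which is exactly what makes a second fetch unsafe. */
static void fetch_from_user(char *dst, size_t n)
{
    strncpy(dst, user_mem, n - 1);
    dst[n - 1] = '\0';
}

/* The racer: a second thread of the monitored process (or a signal handler)
   that rewrites the argument after the check and before the use. */
static void racer_swaps_path(void)
{
    strcpy(user_mem, "/etc/shadow");
}

/* Vulnerable interposer: checks one copy of the argument, then lets the real
   syscall handler fetch the argument again.  The window between the two
   fetches is the TOCTTOU race. */
static int open_interposed_vulnerable(void (*preempt)(void))
{
    char checked[ARG_LEN];
    fetch_from_user(checked, sizeof checked);       /* fetch #1: time of check */
    if (!policy_allows(checked)) {
        opened[0] = '\0';
        return -1;
    }
    preempt();                                      /* other thread runs here */
    fetch_from_user(opened, sizeof opened);         /* fetch #2: time of use */
    return 0;
}

/* Hardened interposer: fetch the argument once into kernel memory, check that
   copy, and hand the same copy to the handler.  User memory is never
   consulted again, so the racer has nothing to race. */
static int open_interposed_hardened(void (*preempt)(void))
{
    char karg[ARG_LEN];
    fetch_from_user(karg, sizeof karg);             /* the only fetch */
    if (!policy_allows(karg)) {
        opened[0] = '\0';
        return -1;
    }
    preempt();                                      /* racer runs, changes nothing we use */
    strcpy(opened, karg);                           /* handler acts on the checked copy */
    return 0;
}

/* Drive one interposer: the process asks for an allowed path, the racer
   swaps it for a forbidden one inside the window.  Returns the interposer's
   verdict; opened_path() tells what was really opened. */
static int run_with_racer(int (*interposer)(void (*)(void)))
{
    strcpy(user_mem, "/tmp/ok");
    return interposer(racer_swaps_path);
}

static const char *opened_path(void)
{
    return opened;
}

int main(void)
{
    int rc = run_with_racer(open_interposed_vulnerable);
    printf("vulnerable: verdict=%d opened=\"%s\"\n", rc, opened_path());
    rc = run_with_racer(open_interposed_hardened);
    printf("hardened:   verdict=%d opened=\"%s\"\n", rc, opened_path());
    return 0;
}
```

Both interposers return the same verdict (allowed), but the vulnerable one ends up opening /etc/shadow while the hardened one opens the /tmp/ok it checked. The hardened shape is what an LSM hook gets for free: a hook such as security_inode_permission() runs inside the syscall handler after the pathname has already been copied in and resolved, so it judges the same kernel object the handler will act on. A syscall-table wrapper has to re-implement that single-fetch discipline for every pointer argument of every intercepted call, and any call it forgets is a race.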