Linux kernel loadable wrappers

摘要

This paper describes the results of the Hypervisors for Security and Robustness (Kernel Hypervisors) program. Using the concept of a loadable module, kernel loadable wrappers (KLWs) were implemented in a Linux kernel. These kernel loadable wrappers provide unbypassable security wrappers for application specific security requirements and can also be used to provide replication services. KLWs have a number of potential applications, including protecting user systems from malicious active content downloaded via a Web browser and wrapping servers and firewall services for limiting possible compromises. This paper also includes a summary of the composability analysis that was done on the program.