IMPLEMENTATION AND AUTOMATIC
TESTING FOR SECURITY
ENHANCEMENT OF LINUX
BASED ON LEAST PRIVILEGE
-Nandini BV
CONTENTS/AGENDA
Abstract
 Automatization of Security testing for SOS
 Security enhancement of Linux based on LPM
 Automatic security testing of LPM
 Summary
 References

ABSTRACT
In this paper, methods and technologies about
how to test a SOS automatically are discussed.
 Least privilege is studied and the corresponding
modules of security enhancement are added to
Linux based on Linux Kernel Modules (LKM).
 Finally, a prototype of automatic security testing
as to such least privilege mechanism is
implemented.
 Results are analysed.

EXTENSIONS OF SECURITY TESTING FOR
SOS
FRAMEWORK OF AUTOMATIC TESTING
PLATFORM FOR SOS
MODULAR DESIGN FOR SYSTEM CALL
TESTERS
Basic steps to test a system
call
Modular structure of a
system call tester
SECURITY ENHANCEMENT AS TO LINUX
BASED
ON LEAST PRIVILEGE
The algorithm can be described as follows:
 pI* = pI | pIadd
 pE' = ( fP | ( fI & pI*) ) ) & fE & pB & gB
 pI' = pI* & fI & fB
 pB' = pB & fB
ARCHITECTURE OF SOS PROTOTYPE
MODULAR PACKAGE STRUCTURE OF SOS
AUTOMATIC SECURITY TESTING OF LEAST
PRIVILEGE MECHANISMS
Analysis of testing target
 Design and implementation of automatic
security testing platform.
 Components of automatic testing security
platform

ARCHITECTURE OF THE SOS
PROTOTYPE
TESTS AND RESULTS
TESTS


RESULTS
Set up testing
environment e.g.
install SEM
Execute Testing on
process privileges and
process execution
before install SEM

No error occur for
testing before
installing SEM and
installing itself

Execute testing on
installing SEM
Execute testing on
-role privilege
-process privilege
-SEM uninstalling
etc after install SEM.



Expected errors are
returned under the
condition of exceeding
one’s authority for
access testing
Only security
manager and system
operator execute
uninstall operations
work successfully.
SUMMARY
Automatic security testing methods for SOS put
forward in this paper are feasible and effective.
 They can be improved and extended to be used to
build up automatic security testing platform for
entire SOS and implement deep security tests in
the next step.
 Automatization of generating test cases based on
security requirement and/or security evaluation
criteria can be further studied in future.

REFERENCES
[1] Gaoshou Zhai, Zeng Jie, Miaoxia Ma, Liang
Zhang,“Automatization of security testing as to
secure operating system”, Proceedings of CNCC
2007, Tsinghua university printing house,
2007.(in Chinese)
 [2] Pihui Wei, Sihan Qing, Jian Huang, "An
evaluation system for secure operating system",
Computer Engineering,vol.29, no.22, 2003,
pp.135-137.(in Chinese)
 [3] R.S.Sandhu, et al. “Role Based Access Control
Models”, IEEE Computer 29(2): 38-47, IEEE
Press, 1996.

THANK YOU!!