.:Components:.

Software Status

We used kernelSec at UIC in CS 587, Computer Systems Security in Fall, 2006, thus entering into alpha testing. We plan to have a software release in 2007.

Poster Presentations

.

  • November 2006, Poster and demo at Operating System Design and Implementation in Seattle (Radhakrishnan)
  • September 2006, Poster at the Midwest Security Workshop in Urbana-Champlain (Radhakrishnan)
  • August 2006 poster as Usenix Security (Radhnakrishnan)

Talks

.

  • November 2006, at Georgia Institute of Technology, Atlanta (Solworth)
  • November 2006, at IEEE TrustCol in Atlanta (Solworth)
  • October 2006, at IWSEC in Kyoto (Dranger)
  • May 2006, at the Midwest Security Workshop in Chicago (Radhakrishnan)
  • April 2006, at IEEE International Workshop on Information Assurance in London (Solworth)
  • March 2006, at ACM AsiaCCS in Taiwain (Solworth)

KernelSec is intended to provide a broad range of authorization and authentication, and to eventually replace Unix's authorization model. The primary components are:

  • kernelSec kernel module: this consists of a dynamically loadable kernel module which in turn relies on LSM. The kernel module implements hook functions to do authorization checks and a few system calls. It allows Unix programs and kernelSec processes to coexists on the same compure

  • kernelSecD user space daemon: downloads configuration and helps the kernel create groups.
  • factoring software: translates high level specifications into kernelSec configurations (as read by kernelSecD).
  • SayAnything certificate software: this allows us to create certificates for distributed authentication.