
SELinux security identifier anti-tamper detection method and system

A security identifier tamper detection technology, applied in the field of Linux system security, that addresses problems such as access control mechanism bypass and illegal tampering with SELinux security identifiers.

Active Publication Date: 2018-04-13
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

[0007] To sum up, the SELinux security identifier of a Linux system may be illegally tampered with through a kernel-level privilege escalation vulnerability, so that the checks of the access control mechanism are bypassed.


Embodiment Construction

[0026] As shown in Figure 2, the implementation steps of the SELinux security identifier anti-tampering detection method of this embodiment include:

[0027] 1) Establish a mapping relationship table pst between each process ID and its security identifier SID. When the system creates a process, insert the process ID and its security identifier SID into the mapping relationship table pst as a new node, using the process ID as the index. When a process exits, delete the node indexed by that process ID from the mapping relationship table pst. When the system changes the security identifier SID of a process through the legal call interface, update the process ID and its security identifier SID in the mapping relationship table pst, so that the mapping between process ID and security identifier SID in the mapping relationship table pst is always kept up to date;

[0028] 2) When a process executes a new program, first detect whether the sec...


Abstract

The invention discloses a SELinux security identifier anti-tamper detection method and system. The method comprises the following implementation steps: establish a mapping relationship table of processes and their security identifiers; when a process is created, insert the process and its security identifier into the mapping relationship table as a new node; when the process is removed, delete the node; and when the security identifier is changed through a legal calling interface, update the node. When a process executes a new program, perform a legality check on the security identifier of the parent process: if the security identifier of the parent process is not the same as the security identifier in the mapping relationship table, restore the security identifier of the parent process according to the mapping relationship table, and start execution with the security identifier of the parent process set as the default security identifier of the child process. With the SELinux security identifier anti-tamper detection method and system disclosed by the invention, illegal tampering with the security identifier of a process by an attacker using a kernel root attack can be detected; furthermore, the security identifier of the process is restored to its value before the illegal tampering, and the attacker is prevented from using a kernel root attack to break through the security protection that SELinux provides for the system.
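The table maintenance and the exec-time check described above can be sketched in user space as follows. This is an added example, not code from the patent: `struct task`, `legal_set_sid`, `check_on_exec` and the fixed-size array are hypothetical names and simplifications, and the "tampering" is simulated by writing the SID field directly.

```c
#include <stdint.h>
#include <stdio.h>
#define PST_SLOTS 64                        /* assumption: small fixed-size table */
struct task { int pid; uint32_t sid; };     /* stand-in for a process's live credential */
struct pst_node { int used, pid; uint32_t sid; };
static struct pst_node pst[PST_SLOTS];      /* mapping table pst: pid -> recorded SID */

static struct pst_node *pst_find(int pid) {
    for (int i = 0; i < PST_SLOTS; i++)
        if (pst[i].used && pst[i].pid == pid) return &pst[i];
    return NULL;
}
/* Process creation: insert (pid, SID) as a new node indexed by pid. */
static int pst_insert(int pid, uint32_t sid) {
    if (pst_find(pid)) return -1;           /* pid already tracked */
    for (int i = 0; i < PST_SLOTS; i++)
        if (!pst[i].used) { pst[i] = (struct pst_node){1, pid, sid}; return 0; }
    return -1;                              /* table full */
}
/* Process exit: delete the node indexed by pid. */
static void pst_delete(int pid) {
    struct pst_node *n = pst_find(pid);
    if (n) n->used = 0;
}
/* Legal call interface: the live SID and the table entry change together. */
static int legal_set_sid(struct task *t, uint32_t sid) {
    struct pst_node *n = pst_find(t->pid);
    if (!n) return -1;
    t->sid = n->sid = sid;
    return 0;
}
/* Exec-time check on the parent: returns 1 if a mismatch was found and the
 * recorded SID restored, 0 if consistent, -1 if the pid is not tracked.
 * *child_sid receives the default SID for the new program. */
static int check_on_exec(struct task *parent, uint32_t *child_sid) {
    struct pst_node *n = pst_find(parent->pid);
    if (!n) return -1;
    int tampered = (parent->sid != n->sid);
    if (tampered) parent->sid = n->sid;     /* recover the pre-tamper SID */
    *child_sid = parent->sid;
    return tampered;
}
int main(void) {
    struct task t = {4242, 7};              /* constructed sample values */
    uint32_t child = 0;
    pst_insert(t.pid, t.sid);
    t.sid = 1;                              /* simulated write that skips the legal interface */
    int r = check_on_exec(&t, &child);
    printf("tampered=%d parent_sid=%u child_sid=%u\n", r, (unsigned)t.sid, (unsigned)child);
    return 0;
}
```

The sketch keeps the table in ordinary process memory; the visible part of this page does not describe how the table itself is protected against modification.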

Description

Technical field

[0001] The invention relates to the field of Linux system security, in particular to an SELinux security identifier anti-tampering detection method and system.

Background technique

[0002] The system administrator of the Linux operating system has the privilege of accessing and managing all resources within the system, and has become one of the main targets of malicious attackers. Under normal circumstances, after malicious attackers obtain general system permissions through remote attacks, etc., they often use the system's privilege escalation vulnerabilities to carry out privilege escalation attacks, gaining system root privileges and taking control of the whole system. In order to protect the privileges of system administrators, the mandatory access control mechanism of the operating system breaks up the privileges of the root user, and controls and manages the access control behavior between various objects in the system according to different access control security...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/54, G06F21/64
CPC: G06F21/54, G06F21/64
Inventor: 丁滟, 左玉丹, 魏立峰, 戴华东, 谭郁松, 黄辰林, 董攀
Owner: NAT UNIV OF DEFENSE TECH