Title :
Safe kernel programming in the OKE
Author :
Bos, Herbert ; Samwel, Bart
Author_Institution :
Leiden Inst. of Adv. Comput. Sci., Leiden Univ., Netherlands
Abstract :
This paper describes the implementation of the OKE, which allows users other than root to load native and fully optimised code in the Linux kernel. Safety is guaranteed by trust management, language customisation and a trusted compiler. By coupling trust management with the compiler, the OKE is able to vary the level of restrictions on the code running in the kernel, depending on the programmer´s privileges. Static sandboxing is used as much as possible to check adherence to the security policies at compile time.
Keywords :
network operating systems; operating system kernels; program compilers; Linux kernel; OKE; language customisation; open kernel environment; operating system; security-sensitive system; static sandboxing; trust management; trusted compiler; Computer science; Filters; Java; Kernel; Linux; Operating systems; Program processors; Runtime; Safety; Virtual machining;
Conference_Titel :
Open Architectures and Network Programming Proceedings, 2002 IEEE
Print_ISBN :
0-7803-7457-6
DOI :
10.1109/OPNARC.2002.1019235
