Linux Kernel-level Work

MAC using system-call filtering

This project aimed at implementing a Mandatory Access Control system for Linux kernel using a system-call filtering mechanism. It implemented a generic system call filtering hook framework into the Linux kernel. The MAC logic was placed in modules which could be compiled into the kernel or built as Kernel Loadable Modules. These MAC modules used the generic filtering hook framework. This architecture was inspired by the netfilter/iptables implementation for packet filtering.

MAC using LSM framework

Linux Security Modules is a generic framework for building security modules in the Linux Kernel. It was developed as a part of the SELinux (Security Enhanced Linux) project of NSA. LSM provides a framework for protecting kernel objects. This approach is much more powerful than system call filtering technique for implementing a MAC system. The LSM framework was studied and the system-call filtering-based system was reimplemented using LSM.

Protected-mode OS Kernel for Data acquisition

This project involved development of a custom 32-bit protected-mode kernel. The kernel source compiles with GCC and boots with GRUB. The kernel is being developed to be used in a data acquisition and transmission system. It has the following functionalities:

• Runs fully in 32-bit protected mode on i386 platforms
• Has built-in tasks for data acquisition and transmission
• Detects PCI devices in the system
• Has Realtek ethernet driver, a floppy driver, and a virtual terminal driver.
• Has UDP/IP implementation.

For any comments or suggestions please use the address below.