• Analyzing Linux Kernel security subsystems – A beginner’s guide

    Introduction

    Greetings, everyone! I am an Outreachy Intern at the Linux Kernel. In this blog, I’ll simplify the concept of Linux Kernel security subsystems and explain how my work revolves around analyzing their effectiveness. In case you are curious about Linux Kernel security and don’t know where to start, you are at the right place. So, let’s dive in!

    Linux Kernel Security Model

    To begin, you might or might not be familiar with the Linux Kernel. It is the core component of the Linux operating system. The word ‘kernel’ refers to the seed inside a fruit or nut shell. Similarly, the Linux Kernel sits within the Linux OS and controls all the major functions of the hardware.

    Since Linux is a Unix-like operating system, its security model is based on the Unix security model. The Unix security model, which dates from the late 1960s, does not fulfill the security needs of the Internet age. To enhance the security of the Linux operating system, new features have to be added in a way that is compatible with the existing design of the system. Hence, we use security subsystems that work as Linux Kernel security extensions, making Tux (the penguin from the Linux logo) more secure and tough. 💪💪

    Security Subsystems

    Security subsystems are mechanisms and frameworks that are integrated into the kernel to enhance its security. Security subsystems work together to:

    • Enforce access control: Regulate who can access specific system resources and what actions they can perform. Make sure that only authorized users or processes can access resources and perform actions based on defined permissions.
    • Mediate system calls: System calls allow applications to request services from the kernel, such as reading or writing files, creating processes, or allocating memory. The security subsystems mediate these system calls and prevent unauthorized or malicious use of system resources.
    • Mitigate vulnerabilities: Security subsystems implement various mechanisms to mitigate vulnerabilities, such as timely security updates, memory protection, and input validation.

    Among the key Linux Kernel security subsystems are LSMs (e.g., SELinux and Landlock).

    Linux Security Modules

    Linux Security Modules (LSMs) allow the implementation of various access control models within the kernel. The LSM framework allows multiple security modules to coexist and work together. It provides LSM hooks, which are control points placed at various points in the kernel’s execution flow, allowing the security modules to intercept and modify the behavior of certain operations. These hooks help authorize critical security interactions within the kernel.

    Major LSM frameworks, such as SELinux, AppArmor, and Smack, utilize these hooks to enforce their security policies and control access to system resources. By understanding these hooks, we gain insight into the scope, features and functionality of different LSM frameworks.
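
A simplified userspace model of the hook mechanism described above, as an added example that is not kernel code and not from the original post. The module names, the request struct and both rules are hypothetical; the point is that every registered module is consulted at the control point and a single denial blocks the operation.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of LSM hook stacking; all names here are hypothetical. */
struct file_req { const char *path; int uid; int want_write; };
typedef int (*file_open_hook)(const struct file_req *);
struct lsm { const char *name; file_open_hook file_open; };

/* Toy module A: nothing under /etc/ may be opened for writing. */
static int mac_file_open(const struct file_req *r)
{
    if (r->want_write && strncmp(r->path, "/etc/", 5) == 0)
        return -EACCES;
    return 0;
}

/* Toy module B: uid 1000 is confined to paths under /home/. */
static int sandbox_file_open(const struct file_req *r)
{
    if (r->uid == 1000 && strncmp(r->path, "/home/", 6) != 0)
        return -EACCES;
    return 0;
}

/* Registration order decides which module is asked first. */
static const struct lsm lsms[] = {
    { "toy_mac", mac_file_open },
    { "toy_sandbox", sandbox_file_open },
};

/* The control point: ask each module in order, stop at the first denial.
 * Returns 0 or a negative errno; *denied_by names the denying module. */
int security_file_open_model(const struct file_req *r, const char **denied_by)
{
    *denied_by = NULL;
    for (size_t i = 0; i < sizeof(lsms) / sizeof(lsms[0]); i++) {
        int rc = lsms[i].file_open(r);
        if (rc != 0) { *denied_by = lsms[i].name; return rc; }
    }
    return 0;
}

int main(void)
{
    struct file_req r = { "/etc/passwd", 1000, 1 };  /* constructed request */
    const char *who;
    int rc = security_file_open_model(&r, &who);
    printf("rc=%d denied_by=%s\n", rc, who ? who : "(none)");
    return 0;
}
```

Because the walk stops at the first denial, a request that both modules would reject is attributed only to the module registered first, which is one reason interactions between stacked modules need their own analysis.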

    Kernel Fuzzing

    Fuzzing involves using specialized tools to generate and execute a large number of test cases on the Linux Kernel. By intentionally injecting unexpected inputs, we can uncover weaknesses and observe how the kernel handles them. Fuzzing helps us explore possible vulnerabilities and assess the effectiveness of the LSM frameworks.

    Project Goals

    This project aims to identify potential security violations that might occur when multiple security subsystems interact. Since these subsystems have distinct designs and features, their combined work can introduce vulnerabilities. Finding potential security vulnerabilities can help improve the overall security of the Linux Kernel. This work might lead to the improvement of an existing security analysis tool or to building a new tool.

    If you’re interested in learning more about fuzzing the Linux Kernel or gaining insights into kernel security subsystems, I recommend checking out the following resources:

    Until next time, best of luck with your own security analysis and fuzzing endeavours.😊


  • My Journey Begins as a Linux Intern with Outreachy

    Hello everyone! 😊 I am Khadija Kamran from Lahore, Pakistan. Welcome to this introductory blog about my open-source internship with Outreachy.

    Outreachy is an incredible and supportive community that offers open-source internships, empowering individuals and helping them in their technical careers.

    Open-source and Linux kernel

    If you are new to the world of open-source, fear not! I was in your shoes just a few months ago. Let me assure you that once you start, you’ll discover a supportive community and a truly satisfying experience of contributing to huge open-source projects. So, let’s dive in and explore this exciting realm together!

    We often hear about copyrights, but have you ever encountered the concept of “copyleft”? Open-source operates on this principle, making its source code freely available for everyone. Open-source software is both liberating and empowering, as it can be used, redistributed, and repackaged without limitations.


    Since I am interning at the Linux Kernel, I would like to write a few words about it. Linus Torvalds, one of the founding fathers of open-source, developed the Linux Kernel in 1991, the first open-source operating system. Back then, the idea of open-source was very new. Linus invited the world to contribute to Linux; he believed in collective wisdom and democratized software development. Today, Linux is the most widely adopted operating system out there.

    Here is a picture of Linus working in his home office, where he continues to develop the world’s most important OS.

    My Journey and My Motivation

    I am thrilled to be part of the great Linux Operating Systems project.

    I am a Software Engineer from Pakistan. I graduated from NUST in 2020 as a Software Engineer. I’ve been fortunate enough to get a good education.

    However, I am acutely aware that many talented and compassionate individuals in my country possess far greater abilities than I do. But they are poverty-stricken and they struggle to find food for themselves. This realization is a constant source of my motivation, reminding me of my responsibility towards the underprivileged.

    I wish to do meaningful work that can benefit my society, even if it means making the tiniest of differences. I pour my heart and soul into everything I do, striving for perfection. It may seem that my contributions are small and inconsequential today, but I firmly believe that if I remain consistent, I might be able to make a small positive change.

    Small changes add up to something big eventually. With this belief in my heart, I envision a future where every individual, regardless of their background, has the opportunity to thrive and succeed.


    Let us embrace the transformative power of open source, as we work towards creating a world where knowledge, collaboration, and inclusivity pave the way for innovation and positive change.


    Stay tuned for my upcoming post, where I will delve into Outreachy and how you can apply to this amazing program. Until then, keep exploring, keep learning, and keep embracing the magic of open source! ✨💕
