Binzhou University
Professional Foreign-Language Translation
Title: Linux security module (LSM)
Department: Department of Computer Science and Technology
Major: Software Technology
Class: Class 1, 2020
Student name: Dong Qiang
Student ID: 2020200806
Supervisor: Zhao Chunbo
Academic title: Lecturer
May 8, 2011

Binzhou University Graduation Project (Professional Foreign-Language Translation)

Linux security module (LSM)

Linux security module (LSM) is a lightweight, general-purpose access control framework for the Linux kernel. This article introduces the background, design ideas and implementation of LSM, and explains how to use it to strengthen the security of a Linux system: on the one hand the interface provided for kernel developers and security researchers, on the other hand the modules provided for ordinary users and how to use them. Background knowledge of the Linux kernel and of security will help in understanding the article; readers without it can first read the three IBM dW articles listed in the references at the end of this article.

1. Related background introduction: why and what

In recent years Linux has received wide attention and use in the computer industry because of its excellent performance and stability, the flexibility and extensibility that its open source nature brings, and its low cost. In terms of security, however, the Linux kernel provides only classic UNIX discretionary access control (the root user, user IDs and mode-bit security mechanisms) and partial support for the capabilities security mechanism of the POSIX.1e draft standard. This is not enough for the security of a Linux system, and it hinders the further development and wider application of Linux.

Many security access control models and frameworks have been researched and developed to enhance the security of Linux. The better-known ones include Security-Enhanced Linux (SELinux), Domain and Type Enforcement (DTE), and the Linux Intrusion Detection System (LIDS).
But none of these systems has gained a dominant position and entered the Linux kernel as a standard. Most of them are distributed as kernel patches in various forms, so using them requires the ability to compile and customize a kernel; for ordinary users with no kernel development experience, obtaining and using these systems is difficult. In 2020, at the Linux kernel summit, the United States National Security Agency (NSA) presented its work on Security-Enhanced Linux (SELinux), an implementation of the flexible access control architecture Flask in Linux. Linus Torvalds, the founder of the Linux kernel, agreed that the Linux kernel does need a general security access control framework, but he pointed out that the best approach is to use loadable kernel modules, so that the various existing security access control systems can all be supported. This is how Linux security module (LSM) came into being.

Linux security module (LSM) is a lightweight, general-purpose access control framework for the Linux kernel. It lets different security access control models be implemented as loadable kernel modules, so users can choose the security module that suits their needs and load it into the Linux kernel. This greatly improves the flexibility and ease of use of the Linux security access control mechanisms. Many well-known enhanced access control systems have already been ported to LSM, including POSIX.1e capabilities, Security-Enhanced Linux (SELinux), Domain and Type Enforcement (DTE), and the Linux Intrusion Detection System (LIDS).
Although Linux security module (LSM) currently still exists as a Linux kernel patch, it is provided for both the stable series and the development series of Linux, and it is hoped that it will enter the stable Linux version and so meet its goal: to be accepted by the Linux kernel as the standard kernel security mechanism and be offered to users in every Linux distribution.

2. Design ideas: satisfying both sides

The design of LSM has to meet the requirements of two sides: it should cause as little trouble as possible for those who do not need it, while giving those who do need it useful and efficient functionality.

The kernel developers, represented by Linus Torvalds, set three requirements for LSM. First, it must be truly general: using a different security model should only require loading a different kernel module. Second, it must be conceptually simple, efficient, and have minimal impact on the Linux kernel. Third, it must be able to support the existing POSIX.1e capabilities logic as an optional security module.

On the other hand, the requirement that the various Linux security enhancement systems place on LSM is that it let them implement their security functions as loadable kernel modules, without an obvious loss of security and without extra system overhead.

To satisfy these design goals, LSM places hooks in the kernel code to arbitrate access to kernel internal objects such as inodes, tasks and open files.
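The hook placement described above, modeled in userspace C as an added example (not code from the original article and not kernel code). Every type, function and policy name in it is hypothetical. It shows the module's hook running only after the classic UNIX check has passed, so a loaded module can refuse an access that root would otherwise get, but cannot grant one that the mode bits refused.

```c
/* Userspace model of LSM hook dispatch; all names hypothetical, not kernel symbols. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define MAY_WRITE 2
struct task  { unsigned uid; const char *domain; };      /* subject */
struct inode { unsigned uid, mode; const char *type; };  /* object */
typedef int (*perm_hook)(const struct task *, const struct inode *, int);
struct lsm_ops { perm_hook inode_permission; };  /* table a module fills in */
static struct lsm_ops *active;                   /* NULL: no module loaded */

/* Model simplification: one module at a time. */
int lsm_register(struct lsm_ops *ops)
{ if (active) return -EBUSY; active = ops; return 0; }
void lsm_unregister(void) { active = NULL; }

/* Classic UNIX DAC (group bits omitted): root bypasses the mode bits. */
static int dac_check(const struct task *t, const struct inode *i, int mask)
{
    unsigned bits = (t->uid == i->uid) ? i->mode >> 6 : i->mode;
    return (t->uid == 0 || (bits & 7 & mask) == (unsigned)mask) ? 0 : -EACCES;
}

/* Error checks, then DAC, then the hook just before the object is touched. */
int check_access(const struct task *t, const struct inode *i, int mask)
{
    if (!t || !i) return -EINVAL;
    int err = dac_check(t, i, mask);
    return (err || !active) ? err : active->inode_permission(t, i, mask);
}

/* Constructed module policy: only domain "admin_d" may write type "etc_t". */
static int te_permission(const struct task *t, const struct inode *i, int mask)
{
    int guarded = (mask & MAY_WRITE) && strcmp(i->type, "etc_t") == 0;
    return (guarded && strcmp(t->domain, "admin_d") != 0) ? -EACCES : 0;
}
struct lsm_ops te_ops = { te_permission };
/* Constructed sample subjects and object. */
struct task root_web = { 0, "web_d" }, root_admin = { 0, "admin_d" },
            user = { 1000, "admin_d" };
struct inode passwd = { 0, 0644, "etc_t" };

int main(void)
{
    int before = check_access(&root_web, &passwd, MAY_WRITE);
    lsm_register(&te_ops);
    int after = check_access(&root_web, &passwd, MAY_WRITE);
    printf("root/web_d write: %d before load, %d after\n", before, after);
    return 0;
}
```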
When a user process executes a system call, it first goes through the Linux kernel's original logic to find and allocate resources and perform error checking, and then passes the classic UNIX discretionary access control checks. Just before the Linux kernel tries to access the internal object, an LSM hook makes a call to a function that the security module must provide, asking the security module the question: should this access be allowed? The security module makes a decision according to its security policy and answers: allow the access, or refuse it and return an error.

On the other hand, to meet the needs of most existing Linux security enhancement systems, LSM adopted a simplifying design decision. Linux security module (LSM) now main support most existing security