Development of a secure Linux distribution
Τσεσμετζής, Παναγιώτης Μ.
SubjectΗλεκτρονικοί υπολογιστές -- Λειτουργικά συστήματα ; Linux ; Ηλεκτρονικοί υπολογιστές -- Προστασία
The various forms of UNIX inherently suffer from security issues. However, forms of the Unix OS family are widely used, often in critical applications. The aim of this work is to present the process of developing a new operating system, based on Linux. The system will be developed from the outset from source code, not based on any existing distribution and will emphasize on the shielding of the entire system and its individual parts in order to provide better security and be able to accommodate critical (military grade) applications of interest. This thesis presents the process of creating a secure OS in two stages. At a first stage, all the steps necessary to construct a brand new open source operating system based on Linux are followed. To achieve this goal, the Linux from Scratch (LFS) project is utilized. The outcome is a new basic Linux operating system with the minimum amount of software needed to operate and is based on the Linux 3.10.10 Kernel. At a second stage, security measures to harden the security of the new OS are explored. All major Linux Security Modules (LSM) and security suites are presented and a framework for their comparison based on common attributes is suggested. Using this framework, the Security Enhanced Linux (SELinux) project is chosen to harden the new OS. The suite is then more thoroughly presented and applied. Other security measures for further hardening our new system are presented and applied when possible. As a last step, we explore other possibilities for evolving our security hardened OS implementation.