This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Linux is one of the popular, free and open source operating systems in the world. There is a big developing community around the Linux operating system, because it is free and open source. So there are a lot of security features in Linux operating system. But the source can be seen by anyone, attackers can easily find out the weak points of Linux system. So there are vulnerabilities in Linux operating systems. Security features of Linux operating system and vulnerabilities will be discussed in this review paper. Security feature has been divided in to two main parts. They are Linux Kernel level security and Linux User level security. There are some errors and vulnerabilities in Linux Kernel and peoples also have developed some security features to avoid them. Data needs more security when it is being transmitted via a network. Linux is best as a server operating system. There is a lot of security features to protect data that is being transmitted. User level security is another essential aspect of operating system security. Linux has some good security features such as disk encrypting, permission granting options, namespaces, network securities, etc. Therefore Linux has become a powerful, secure, free and open source operating system in the world.
Security is one of major issues in the IT field. None of the systems in the world are 100% secured. When we consider about any area in IT, security is a must, because data and other related resources should be protected from unauthorized parties. Security is also one of essential parts of an operating system. If there are no proper security mechanisms in an operating system, it will be useless. Therefore people who develop operating systems try to improve security of the operating system and minimize errors and vulnerabilities. Linux is free and open source operating system which has a lot of security features to avoid unauthorized access to data. Linux is popular, as an operating system in both mobile and PC markets. Identification and Authentication, Authorization, Access Control, Confidentiality, Integrity, Availability, Accountability and Non-Repudiation are the recommendations for operating system security . Figure 1 describes security situations of different desktop environments. Different environments must have different levels of security. Therefore three main aspects of security have been considered in this review paper.
Linux was started with traditional UNIX security features. Discretionary Access Control (DAC) was the main security mechanism used in that time. UNIX was not designed with proper security mechanisms. Although security was enhanced with the time, it was constrained by traditional UNIX design, POSIX (Portable Operating System Interface), etc .
2. Linux- Kernel Security
Kernel is one of the most important layers in an operating system, because it connects software and hardware. If Kernel is vulnerable, it is harmful for both software and hardware. When we talking about Linux Kernel, there are a lot of security features as well as vulnerabilities. These vulnerabilities are created because of mistakes of the developers. Most of the vulnerabilities can act in different ways. Memory corruption and Policy violation are two ways of acting vulnerabilities. Vulnerabilities can be divided into 7 categories. These are the recognized categories .
2.1 Ways of acting vulnerabilities
2.1.1 Memory corruption
Memory corruptions can be happened when a program modified memory locations unintentionally due to an error in the program, then corrupted memory locations are used by the program later. Memory corruptions can be caused to program crash or strange behavior of the program .
2.1.2 Kernel Security policy violations
There are number of security policies in the Linux Kernel. These policies are used to ensure the security of the system. Identification and authentication policy, Access control policy and Physical security policy are some important policies in Linux Kernel. These policies can be violated due to the vulnerabilities of the Kernel. Covert channels, unauthorized accesses can be occurred because of security policy violations .
2.1. Vulnerabilities of Linux Kernel
Missing Pointer Check: - Kernel ignores access_ok (Function used to check valid user space pointers) or misuses faster operations such as __get_user. These kinds of bugs allow reading or writing kernel memory locations to unprivileged process. Memory corruptions can be occurred because of this kind of bugs.
Missing Permission Check: - Kernel does the privilege operations without checking the calling operation has the privilege to perform. Kernel policy violations can be occurred because of this kind of bugs.
Buffer overflow: - Kernel incorrectly checks upper and lower level bounds when accessing a buffer, allocates smaller buffer than required, use unsafe string manipulation functions, etc can be defined as buffer overflows. Buffer overflows can be caused to memory corruptions.
Integer overflow: - Kernel performs some operations which generate some integer overflows, underflows or sign errors.
Uninitialized data: - The kernel copies the contents of a kernel buffer to user space without zeroing unused fields. As a result of this, sensitive data such as variables of the Kernel stack can be leaked into user processes.
Memory mismanagement: - We can consider extraneous memory consumptions, memory leaks and double free as vulnerabilities of the memory management. Deniel of service (DoS) attacks can create this kind of bugs.
Miscellaneous: - Null pointer differences; divide by Zero, infinite loops, deadlocks and data races can be defined miscellaneous. They create process crashes, kernel panics, or hangs.
2.2. Kernel Security Implementations
To avoid these vulnerabilities there are a lot of security implementations for the Linux kernel. Some of them have been described below.
In March 2001, the National Security Agency (NSA) gave a presentation about Security-Enhanced Linux (SELinux) at the 2.5 Linux Kernel Summit. SE Linuxis a security module which supports access control security policies. This includes Mandatory Access Control mechanism. SE Linux based on Flask security architecture. The Flask security architecture provides a clean separation between the policy-enforcement code and the policy decision-making code. Adding a new level of indirection, dynamically allocating security fields, handling pre-existing subjects and objects, stacking with the capabilities module, re-implementing the extended system calls, and leveraging the existing Linux functions for checking permissions are the main changes in SELinux. Figure 2 describes SELinux architecture.
2.2.2. Medusa DS9
A user doesn't have all rights as ordinary user in Linux system. But user has all rights as root in Linux system. When someone grants root access by using any daemon, he can do anything he want. Medusa DS9 has been developed for prevent this kind of situations. Medusa DS9 is a project which has been developed to Linux platform. Its approach to security is a Virtual Space model. Virtual Space is a domain which contains subjects and objects of the system separately. Second part of this project is Security Decision Center. The Security Decision Center is responsible for updating the Virtual Space sets, as well as allowing or denying access to objects . Simply Kernel asks the authorization server before execute any operation. Authorization server can permit, forbid or change the operation. Kernel and server talks via a special driver called medusa which is located at dev/medusa.
This is extension for the Linux Kernel to protect guest virtual machines from attacks such as viruses and rootkits. KvmSec consist of multiple modules which are located in host Kernel and Virtual machine Kernel. Main detection module is located in host Kernel. Kernel module manages and shares a communicational channel. There is another module which dynamically receives and analyzes messages and generating responses .
2.2.4. Security Tools for Programmers
Some Kernel Level damages can be done in software development activities. Security tools have been developed for programmers to prevent this kind of damages. Software fault isolation, Code integrity, User level drivers and Memory tagging are some categories of programming security tools. These tools may be used in either compile time or run time.
22.214.171.124. Runtime Tools
BGI is a tool which isolates Kernel modules and support for controlled sharing between Kernel and modules. BGI can prevent a vulnerable module from overwriting kernel memory that it shouldn't have access to, such as double-free bugs and some buffer overflows, but allow access to kernel memory that it should have access to .
SecVisor is a security tool which enforces the code integrity to Linux Kernel. This authenticates all codes before execute in Kernel mode. This effectively prevents code injection attacks .
SUD is another security tool which runs device drivers in user level and prevents vulnerabilities of the driver which may affect to Kernel. SUD turns vulnerabilities of the driver into Denial of service attack that crashes the driver itself .
Raksha is a memory tagging system which can detect misuses of untrusty input by the Kernel .
126.96.36.199. Compile Time Tools
Smatch and Sparce are compile- time tools, which are written in C. These tools are very useful for finding bugs in a program and avoid vulnerabilities of Linux Kernel  .
3. Linux - User Level Security
Linux user level security can be divided into two parts. They are Network security and File System security.
3.1. Network Security
Most of the web servers in the world use Linux as a server operating system. Here I have described some reasons for that.
Stability: - Linux servers can run for years without any failures.
Secure: - Linux has a lot of security features than other server operating systems.
Freedom: - Linux is a free and open source operating system.
Linux has a multi-user and multi-tasking environment.
These are the main network (server) security implementation of Linux.
3.1.1 Vulnerabilities in Linux Networks
Fire wall does some important tasks for an operating system to prevent attacks which are coming through the network. If fire wall is not strong enough, attackers can easily do their jobs. Vulnerabilities in a fire wall can be categorized as follows .
Validation error: - when a program interacts with an environment without ensuring correctness of environment data a validating error can be occurred.
Authorization error: - A fire wall may permit to invoke protected object without sufficient checking on authorization.
Serialization error: - Asynchronous behaviors of different systems which can exploit to cause security violations are called serialization errors.
Domain error: - Errors which cause information leaks are called as domain errors.
Boundary checking error: - when a fire wall is failed to check boundaries and ensure constraints a boundary checking error is occurred.
Denial of service (DOS): - The services will be temporary or permanently unavailable due to causes that are internal, external or both.
E:\Independent Study\Network\dos attack.jpg
Figure 3 - DOS Attack
3.1.1 Encrypted Data communication
Encrypted data communication methods are available in Linux. Linux uses GnuPG to encrypt data before transmit. Scp, ssh, rsync or sftp is used instead of FTP, telnet and rsh in file transferring, because someone can capture the data when telnet, FTP or rsh is being used. IPSec is another network security mechanism used in Linux. It is a protecting way of data grams. It provides connectionless data integrity authentication, data confidentiality, anti-replay protection, data origin authentication, and limited traffic flow confidentiality. IPSec is implemented in network layer and it supports both Ipv4 and Ipv6 .
3.1.2. User accounts with strong security level
Server administrator can create user accounts with strong security level. A lot of commands and methods are available with Linux operating systems. Here I have described some of them.
useradd / usermod :- Create user accounts.
pam_unix module parameter remember can be used to configure the number of previous passwords that cannot be reused.
faillog :- Lock user accounts after failures.
3.1.3. Labeled Network
Labeled networking is a form of network access control based on security labels. Linux supports two types of network labels. They are Secmark Labels (Represents network attributes) and Peer Labels (Represents sender's security attributes). There are also two LSMs (Linux Security Modules) which supports to Labeled Network. They are SELinux (Supports both types of networks) and SMACK (Simplified Mandatory Access Control Kernel) .
3.2. File System Security
There are number of tasks which should be done by the file system of an operating system. Enables directory organization, establish a file naming convention, provide some mechanisms to compress or encrypt and error recovery are some main tasks of a file system in an operating system. There should be a proper security mechanism to protect file system of an operating system from unauthorized users. Authentication, authorization, access control, confidentiality and integrity are some aspects of security of a computer.
3.2.1 Vulnerabilities of Linux file system
When we are considering on the vulnerabilities of Linux file systems TOCTTOU (Time of Check To Time of Use) vulnerabilities are very significant. This type of vulnerabilities is difficult to find and prevent. TOCTTOU vulnerabilities required to a pair of certain system calls along the execution path of an application combined with appropriate environmental conditions. The pair of system calls is operating on one disk object using one same file path name. While a system call is checking a condition, another system call is changing the system environment .
D:\Academics\University Lessons\L3S1\Independent Study\Filesystem\scribe-fixed.jpg
Figure 3 - TOCTTOU Vulnerability Example
Local root exploit is another type of vulnerability in Linux file system. When a person access to the computer he can easily grant the super user permission on the system. Then he can do anything to the file system as he wish. ptrace() is a function which has a long exploit history. This function is used by the debuggers and it allows programs to examine and change state of another program. After granting the super user permissions, the attacker can activate any kind of attacking programs such as Trojan Horses. Root kits are also available for attackers to access to the system .
3.2.1. Linux namespaces
Namespace is a space for unique names. Linux namespaces was introduced in 2000. System calls unshared() and clone() is used control the sharing resources. Namespaces provides good isolation between processes. Currently four namespaces are available in Linux. They are user, trusted, security and system. 'User' namespace has no restrictions. Other namespaces have different kind of restrictions because of security purposes .
3.2.2. Disk encrypting methods
Cryptoloop is the oldest disk encryption method in Linux. It uses loop-back mounting feature in the Linux Kernel. It allows files to be represented and handled as a block device. But Cryptloop has some vulnerabilities and errors. DM-Crypt has been introduced to overcome vulnerabilities and errors of Cryptloop .
Figure - Cryptloop workflow
DM-Crypt is one disk encryption method which operates at block layer. Users can transparently read and write to their encrypted home directories through Linux DM-Crypt disk encryption module . DM-Crypt only supports to the block devices. DM-Crypt uses CryptoAPI. When files are used as containers, they first need to be converted to block-devices using the loop-subsystem .
E:\Independent Study\dm cript.jpg
Figure - DM-Crypt
eCryptfs is another encryption method used in Linux. It is kind of cryptographic file system which operates on existing file systems. This does encrypting and decrypting data transparently from the perspective of the application. eCryptfs provides functionalities same as GnuPG.
3.2.3. Administrators can use security tools for file system.
By placing administrator' files in their own directories, the administrator can use available security tools such as ownership, permissions, attributes, access control lists, and mount options to better protect the files.
3.2.4. Other file system security tools 
LSM (Linux Security Modules):- LSM is to allow decryption of certain files only when a physical device is connected to the machine.
Auditing: - Audit performs only when authentication and authorization mechanisms fall short.
PAM (Pluggable Authentication Modules): - PAM implements authentication related policies.
Security features of Linux based operating systems is the topic of this review paper. That topic has been divided into two main parts. They are Linux Kernel level security and Linux user level security. Vulnerabilities of Linux Kernel, security implementations to avoid vulnerabilities and security tools which have been developed for programmers have been discussed under Linux Kernel security topic. Linux user level security has been divided into two main parts. They are Network security and file system security. Under Linux network security; there is some information about encrypted data communication, security levels of user accounts and labeled networks. Finally Linux file system security has been discussed. Linux namespaces, disk encrypting methods and security tools for protect file system have been discussed under this. Today Linux security features are developed rapidly. That is one reason for Linux has become a very popular operating system in the world.
5. My Contribution
By doing this research I got wide knowledge about Linux security. I have identified that, although Linux is an open source operating system, it has some strong security features. Attacker can easily identify weak points of an open source operating systems. Although there are some weak points in Linux operating systems, a lot of security features have been developed to avoid attacks. If we consider about Windows operating system, there is a lot of viruses which can attack to Windows easily. But Linux is not like that. Linux has a big developing community around the world. So they protect Linux operating systems every time.
I heartily thankful to my supervisor who introduced me to this subject, Mr. Samida Premarathne, whose encouragement, supervision and support from the preliminary to the current level enabled me to develop this research work. Lastly, I would like to put forward my sincere thanks to my mother, father, lecturers, my friends and those who supported me in any respect during the completion of this research work.