Computing security has become one of the most controversial issues
of our time, as every piece of information becomes digital and hence
more vulnerable. The need for effective security mechanisms has
encouraged the Computing & Engineering Society to seek solutions.
Within this scope, this document introduces a project to develop an
operating system with enhanced security mechanisms, both in the
protection facilities they provide and in the way they are developed.

Security enhancements include the implementation of Multi-level
Security (MLS) as a Mandatory Access Control (MAC) mechanism, in order
to protect the system against confidentiality attacks, and the use of
Access Control Lists (ACLs) to extend traditional Unix Discretionary
Access Control (DAC) mechanisms.
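
How an MLS mandatory check and an ACL-extended discretionary check can combine into one access decision, as an added example that is not code from this project or from Lisex. It assumes the classic Bell-LaPadula rules (no read up, no write down) for the MLS part and a simplified ACL of named-user entries; every type, function and sample value is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
enum { R = 4, W = 2 };                        /* requested access bits */
struct label { int level; unsigned cats; };   /* sensitivity level + category bitmask */
struct acl_entry { int uid; int perms; };     /* named-user ACL entry */
struct subject { int uid; struct label clearance; };
struct object {
    int owner, owner_perms, other_perms;      /* Unix-style bits (group class omitted) */
    const struct acl_entry *acl; size_t acl_len;
    struct label classification;
};
/* a dominates b: level at least as high, categories a superset of b's */
static bool dominates(struct label a, struct label b) {
    return a.level >= b.level && (a.cats & b.cats) == b.cats;
}
/* MAC (assumed Bell-LaPadula): no read up, no write down */
static bool mac_allows(const struct subject *s, const struct object *o, int want) {
    if ((want & R) && !dominates(s->clearance, o->classification)) return false;
    if ((want & W) && !dominates(o->classification, s->clearance)) return false;
    return true;
}
/* DAC: owner bits first, then a matching ACL entry, then "other" bits */
static bool dac_allows(const struct subject *s, const struct object *o, int want) {
    if (s->uid == o->owner) return (o->owner_perms & want) == want;
    for (size_t i = 0; i < o->acl_len; i++)
        if (o->acl[i].uid == s->uid) return (o->acl[i].perms & want) == want;
    return (o->other_perms & want) == want;
}
/* Access requires both checks: an ACL grant cannot override the MAC policy */
bool access_allowed(const struct subject *s, const struct object *o, int want) {
    return mac_allows(s, o, want) && dac_allows(s, o, want);
}

/* Constructed sample data: a level-2 file owned by uid 1000 with two ACL entries */
static const struct acl_entry report_acl[] = { {1001, R}, {1003, R} };
static const struct object report = { 1000, R | W, 0, report_acl, 2, {2, 0x1} };
static const struct subject owner = { 1000, {3, 0x1} };  /* cleared above the file */
static const struct subject alice = { 1001, {2, 0x1} };  /* in ACL, cleared */
static const struct subject carol = { 1002, {3, 0x1} };  /* cleared, not in ACL */
static const struct subject dave  = { 1003, {1, 0x1} };  /* in ACL, not cleared */

int main(void) {
    printf("alice read: %d\n", access_allowed(&alice, &report, R));
    printf("dave  read: %d\n", access_allowed(&dave, &report, R));
    printf("carol read: %d\n", access_allowed(&carol, &report, R));
    printf("owner write: %d\n", access_allowed(&owner, &report, W));
    return 0;
}
```

The cases of dave and the owner show the mandatory part: an ACL grant does not let a lower-cleared user read up, and even the file's owner cannot write down from a higher level.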

This project's first aim is not to build an entire operating system
from scratch, but to enhance an existing Unix OS, such as Linux, by
modifying the kernel without altering the rest of the system. In doing
so, we hope to keep the system's original features while also having a
very complete prototype in which new security aspects may be tested.
Once this phase is finished, the project will pursue its general goal
of building a full-fledged commercial product.

The R+D Group on Software Engineering (GIDIS) has an excellent
background in building highly secure systems. During 2002 the group
developed Lisex, an MLS prototype based on Linux.