计算机科学 2005
Enhancing the LSM Framework to Build Audit Support Mechanisms
Abstract:
LSM (Linux Security Module) is a framework for supporting security models and is now an important part of the Linux kernel. It supports security mechanisms by providing a hook mechanism. Audit is an essential part of a secure operating system. Focusing mainly on access control, LSM lacks the ability to support audit. It is significant to extend the LSM framework to support an audit mechanism that can provide an interface to an audit system or intrusion detection system. This paper presents a method to enhance the LSM framework to support audit functions. It discusses how to add audit hooks to the LSM framework and how to insert hook functions into Linux kernel functions. In this way, an audit system is implemented as a main part of the SECIMOS secure operating system. Its performance is also tested and analyzed.