Hardening an OS

1 Overview

  1. Recall that we previously described Proper Configuration in ../LinuxSetup/Config.
  2. "Hardening" is a widely used technical term, but it is not well defined. The security industry does some "fortification" and pushes it as "hardening".
  3. "Fortification" is a technical term we use in this course. Semantically, it sits between Configuration and Hardening. Further details are in ./Fortification.
  4. In this course, hardening embraces the content outlined below.

2 Hardening an OS

2.1 Build a Kernel from Source Code

2.2 Source Code Audit

  1. Splint Analyses of sudo
  2. Coverity Analyses of Linux Kernel Bugs
  3. CERT Code Audit Guides
  4. ./SourceCodeAudit

2.3 Recompiling with Thorough Checking

  1. The Linux kernel is written in C, with a tiny portion in assembly.
  2. gcc has many flags that enable all kinds of checking.
  3. On Linux, there are compilers other than gcc.

3 DAC + MAC

4 Intrusion Detection

5 Security-Enhanced Linux (SELinux)

6 End


Copyright © 2018 www.wright.edu/~pmateti • 2018-08-29