KernelSecNet

The authorization system of computer is responsible for making decisions on whether operations which have external affect are allowed or not. It is critical part of the security architecture of computer system. Unfortunately, in most contemporary operating systems, common networking operations—like creating new socket, binding to port, accepting connection, etc.Ñare not tied in with authorization system. Therefore, barring few restrictions, these operations are nonprivileged (meaning, any process can perform these and there is no explicit authorization action performed). In addition, the systemlevel protection abstractions are very weak for distributed communications. KernelSecNet is intended to provide similar (and simple) abstractions to networking and distributed computing as traditional operating system based protection provide to singlesystems. These abstractions include user authentication and addressspace separation. KernelSecNet is designed to (1) extend KernelSec1 protections to networking and distributed computing, and also (2) be backported to Unixbased systems to apply the same protections. This project is being implemented as part of the Linux kernel.