his disposal a personal copy of the Linux environment, fully isolated from the others.
To access the information resources of the secure Fenix OS, the file system driver of
the modified Linux kernel is used. The driver redirects calls for the resources of the
Fenix secure OS while remaining under the control of the Fenix security features.
[Figure: "Linux over Fenix". Labels: Linux Processes (Midnight Commander file manager, Bash command processor, Apache web server, Lynx web browser); Adapted Linux Kernel; Linux Virtual Machine for Fenix Environment; Memory Control; Exceptions Control; Gateway for Fenix Resources Access; Gateway for Linux Resources Access; Gateway for Fenix Internal Virtual Network]
Fig. 1. The Structure of the "Linux over Fenix" Hybrid System
This solution extends the set of applications that can run under Fenix with the vast
range of applications available for the popular Linux OS. This solves the problem of
creating a secure system compatible with commonly used applications: all security
functions are implemented by Fenix, while all Linux functionality remains available
to application processes. The Linux OS runs under the continuous control of the Fenix
security features and has no access to the hardware, and the security of the Fenix OS
is not weakened because the code of the Fenix security features was never changed.
6.1 “Fenix for Linux” Virtual Machine
Linux OS, functioning in the Fenix environment, is an ordinary Fenix OS process,
which includes the “Fenix for Linux” VM, a modified Linux kernel and the Linux
user processes (see Fig. 2). The Fenix VM for Linux includes:
1. A memory control module which makes it possible to map the required physical
page to the required virtual address.
2. An exception and interrupt control module which can handle processor exceptions
and interrupts in the user mode of the Linux VM.
At any given moment, the virtual address space of the VM contains the pages of the
Linux OS kernel and the pages of the current Linux user process. For each Linux OS
process a list of pages in use is kept, which is modified as memory is allocated and
freed. As soon as the time slice allocated for the current Linux process
expires, the Linux kernel removes the pages belonging to the process being phased