Information Technology Reference
In-Depth Information
in operation within the system. Thus, this gateway allows the applications to run
within the framework of the Linux VM, to access directories, files and other
information resources located in the total namespace of the secure Fenix OS under
the control of its security features.
3.
Control of internetworking for the Linux OS and its applications.
To ensure the
computer system security it is essential to control not only the access to the local
resources of the system, but also the internetworking. In Fig. 3 the architecture for
a secure network of the hybrid “Linux over Fenix” OS is shown.
Fenix common process
Fenix common process
Fenix applications
Linux network applications
Linux network applications
FTP-client
WEB-
browser
FTP-server
WEB-server
Adapted Linux Kernel
Linux network protocols
stack
Adapted Linux Kernel
Linux network protocols
stack
Fenix network
protocols stack
Linux Virtual Machine
Linux Virtual Machine
Fenix Internal Virtual Network
Fenix Security
Mechanisms
Gateway for real network access
Real
Network
Fig. 3.
The Architecture for a Secure Network of the Hybrid “Linux over Fenix” OS
The internal virtual network represents a hub combining network interfaces of
Linux VMs and the network interface of the secure Fenix OS into a common virtual
network which can be connected to the real external network via a special gateway
performing all the functions of network security. Besides, network security features
can be implemented on each virtual network interface connected to the internal
network. Network security features include filtering the traffic at the level of TCP and
IP; it is also possible to provide encryption and VPN facilities. Undesirable
interactions both in the virtual network and with the external network can be
prohibited. Thus, when Linux OS applications interact with a network, the security
features of the secure Fenix OS will be in full control of all internetworking, both in
the internal virtual network and in the external network.
