Information Technology Reference
In-Depth Information
Thus, the secure hybrid Linux over Fenix OS ensures both the security of all
components of the host and the guest OS and the security of information resources
under control of the secure host Fenix OS, as well as of internetworking of the guest
Linux OS and its applications.
6.3 Compatibility
The Fenix for Linux VM has a high level of compatibility with the original Linux OS.
This is achieved due to the fact that the Fenix for Linux VM does not attempt to
emulate the Linux functionality, but represents a standard Linux 2.4 kernel, slightly
modified to make it possible to run it as an ordinary secure Fenix OS process. These
modifications involve a small number of modules and can be easily replicated in the
later versions of the Linux kernel.
6.4 Power
Linux applications running in the Fenix for Linux VM demonstrate practically the
same power level as they would if run in the original Linux OS. This is achieved
because the responses to the system calls of the Linux kernel are not emulated, and
they are executed in exactly the same way as when operating in the original Linux
OS. The existing small overhead is associated only with the operation of the secure
Fenix OS security mechanisms, but it becomes manifest only when an attempt to
access protected resources is made, and not all the time while the Linux application is
running. At that this overhead is not higher than in the case when this application is
exported to the Fenix environment.
7 The Model of Access Control of the Secure Hybrid Linux over
Fenix System
The access control mechanisms in the hybrid system are described by the following
model:
The secure hybrid system G is the set tuple: G = {S, R, AC, CR, Op, P}, where:
S — the set of the subjects of the secure hybrid system. S= S
F
S
L
, where S
F
is the
set of the subjects of the secure Fenix system, and S
L
- the set of the subjects of the
Linux operating system.
R is the set of the system resources. R = {R
F
, R
L
}, where R
F
are multiple resources
of the secure Fenix system, and R
L
- the multiple resources of the Linux operating
system. R
L
= {Ri
L
, Ro
L
}, where Ri
L
are the nonshared resources with the secure Fenix
OS - multiple resources of the Linux operating system, inaccessible for the subjects
S
F
of the secure Fenix system, while Ro
L
are the shared resources with the secure
Fenix OS - multiple resources of the Linux operating system, accessible for the
subjects S
F
of the secure Fenix system. The secure hybrid Linux over Fenix OS
incorporates a uniform system of access control of the subjects to the resources. And
it does not matter what type the resource is — the access control system interacts with
all types of resources in a uniform manner. Thus, the subjects are also resources S
F
∪
R
F
∈
and S
L
R
L
.
∈
