Smack (Linux Security Module)
Smack
Smack-tux.svg
Original author(s) Casey Schaufler
Initial release April 17, 2008 (2008-April-17)
Operating system Linux
Type Computer security, Linux Security Modules (LSM)
License GPL2
Website schaufler-ca.com

Smack (full name: Simplified Mandatory Access Control Kernel) is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control (MAC) rules, with simplicity as its main design goal.[1] It has been officially merged since the Linux 2.6.25 release,[2] it was the main access control mechanism for the MeeGo mobile Operating System.[3][4] It is also used to sandbox HTML5 web applications in the Tizen architecture,[5] in the commercial Wind River Linux solutions for embedded device development,[6][7] in Philips Digital TV products.,[8] and in Intel's Ostro OS for IoT devices.[9]

Since 2016, Smack is required in all Automotive Grade Linux (AGL) implementations where it provides in association with other Linux facilities the base for the AGL security framework. [10][11]

Design

Smack consists of three components:

  • A kernel module that is implemented as a Linux Security Module. It works best with file systems that support extended attributes.
  • A startup script that ensures that device files have the correct Smack attributes and loads the Smack configuration.
  • A set of patches to the GNU Core Utilities package to make it aware of Smack extended file attributes. A set of similar patches to Busybox were also created. SMACK does not require user-space support.[12]

Criticism

Smack has been criticized for being written as a new LSM module instead of an SELinux security policy which can provide equivalent functionality. Such SELinux policies have been proposed, but none had been demonstrated. Smack's author replied that it would not be practical due to SELinux's complicated configuration syntax and the philosophical difference between Smack and SELinux designs.[13]

References

  1. ^ "Official SMACK documentation from the Linux source tree". Archived from the original on 2012-09-13.
  2. ^ Jonathan Corbet. "More stuff for 2.6.25". Archived from the original on 2012-09-12.
  3. ^ Jake Edge. "The MeeGo Security Framework". Archived from the original on 2012-09-12.
  4. ^ The Linux Foundation. "MeeGo Security Architecture". Archived from the original on 2012-09-12.
  5. ^ Onur Aciicmez, Andrew Blaich. "Understanding the Access Control Model for Tizen Application Sandboxing". Archived from the original (PDF) on 2012-09-12.
  6. ^ Wind River. "Wind River Linux 4 Product Note". Archived from the original (PDF) on 2012-09-22.
  7. ^ Wind River. "Wind River Linux 3 Product Note". Archived from the original (PDF) on 2012-09-22.
  8. ^ Embedded Alley Solutions, Inc. "SMACK for Digital TV". Archived from the original (PDF) on 2012-09-22.
  9. ^ Intel Open Source Technology Center. "Ostro(TM) OS Architecture Overview". Archived from the original on 2016-10-30.
  10. ^ Automotive Grade Linux. "AGL Security Framework". Archived from the original on 2017-05-03.
  11. ^ Dominig ar Foll. "AGL as a generic secured industrial embedded Linux". Archived from the original on 2017-05-03.
  12. ^ "Smack Userspace Tools README". Archived from the original on 2012-09-13.
  13. ^ Casey Schaufler. "Re: PATCH: Smack: Simplified Mandatory Access Control Kernel". Archived from the original on 2012-09-12.

Further reading


  This article uses material from the Wikipedia page available here. It is released under the Creative Commons Attribution-Share-Alike License 3.0.

Smack_(Linux_security_module)
 



 

Connect with defaultLogic
What We've Done
Led Digital Marketing Efforts of Top 500 e-Retailers.
Worked with Top Brands at Leading Agencies.
Successfully Managed Over $50 million in Digital Ad Spend.
Developed Strategies and Processes that Enabled Brands to Grow During an Economic Downturn.
Taught Advanced Internet Marketing Strategies at the graduate level.


Manage research, learning and skills at defaultlogic.com. Create an account using LinkedIn to manage and organize your omni-channel knowledge. defaultlogic.com is like a shopping cart for information -- helping you to save, discuss and share.


  Contact Us