The main objective of the REMUS project is to develop an Intrusion Prevention System for the Linux 2.4 kernel that detects any attempt to hijack the control of privileged processes, for example by means of buffer overflow attacks. REMUS is designed to confine root-privileged and setuid processes by mediating their use of security-relevant system calls. In particular, REMUS provides:
- a security enhancement of Linux implemented as an LKM (Loadable Kernel Module) that uses interposition at the system call interface to implement the access control functionality;
- detection of illegal invocations of critical system calls before they complete, so that an attacker cannot hijack the control of any privileged process;
- an efficient check of the argument values of the system calls;
- the design and kernel implementation of a scheme that prevents a subverted privileged application from loading a malicious kernel module. The extended system maintains a digital signature of the executable code of the legitimate modules, which are the only ones that can be loaded and executed;
- the integration of the Access Control Database (ACD) with the standard Unix virtual file system /proc via the standard sysctl interface. Administrators see the ACD as a directory in which each file contains the set of rules for a given critical system call. Through this interface, administrators can configure REMUS so that confined processes may make only certain calls with certain parameters.
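The following userspace model shows how the pieces listed above fit together: a table of system call handlers that a module hooks by replacing entries (interposition), a confinement predicate that selects root-privileged and setuid tasks, and an ACD lookup that checks the call's argument before the original handler is allowed to complete. It is an added example written for this page, not REMUS source code: the rule layout (program path plus permitted argument prefix), the i386 syscall numbers chosen, the sample rules and all function names are assumptions, and a real LKM would patch the kernel's sys_call_table rather than a local array.

```c
/* Userspace model of REMUS-style system call interposition with an
 * Access Control Database (ACD).  Added example, not REMUS source: rule
 * layout, syscall numbers and helper names are assumptions; a real LKM
 * would patch the kernel's sys_call_table instead of this array. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* i386 Linux 2.4 syscall numbers for the calls modelled here (assumed subset). */
#define SYS_OPEN         5
#define SYS_EXECVE      11
#define SYS_MOUNT       21
#define SYS_INIT_MODULE 128
#define NR_SYSCALLS     256

enum verdict { REMUS_DENY = 0, REMUS_ALLOW = 1 };

/* Minimal view of the calling task: real and effective uid plus executable path. */
struct task_ctx { uid_t uid; uid_t euid; const char *exe; };

/* One ACD rule (hypothetical layout): confined program `program` (NULL = any)
 * may issue `syscall_nr` when its path argument starts with `arg_prefix` (NULL = any). */
struct acd_rule { int syscall_nr; const char *program; const char *arg_prefix; };

/* Constructed sample database, standing in for what an administrator would
 * write into the per-syscall files under /proc on the real system. */
static const struct acd_rule acd[] = {
    { SYS_EXECVE, "/usr/sbin/sendmail", "/usr/bin/procmail" },
    { SYS_OPEN,   "/usr/sbin/sendmail", "/var/spool/mail/" },
    { SYS_OPEN,   NULL,                 "/etc/ld.so.cache" },
};
#define ACD_LEN (sizeof acd / sizeof acd[0])

/* REMUS confines root-privileged and setuid processes only. */
static bool remus_confined(const struct task_ctx *t)
{
    return t->euid == 0 || t->euid != t->uid;
}

/* Argument check: the first matching rule allows; a critical call with no
 * matching rule is denied (default deny for confined tasks). */
int remus_check(const struct task_ctx *t, int nr, const char *arg)
{
    if (!remus_confined(t))
        return REMUS_ALLOW;
    for (size_t i = 0; i < ACD_LEN; i++) {
        const struct acd_rule *r = &acd[i];
        if (r->syscall_nr != nr) continue;
        if (r->program && strcmp(r->program, t->exe) != 0) continue;
        if (r->arg_prefix &&
            (!arg || strncmp(arg, r->arg_prefix, strlen(r->arg_prefix)) != 0))
            continue;
        return REMUS_ALLOW;
    }
    return REMUS_DENY;
}

/* Model of the kernel syscall table plus the saved original handlers. */
typedef long (*syscall_fn)(const struct task_ctx *, const char *);
static syscall_fn sys_call_table[NR_SYSCALLS];
static syscall_fn saved_table[NR_SYSCALLS];

static long model_syscall(const struct task_ctx *t, const char *arg)
{
    (void)t; (void)arg;
    return 0;  /* stands in for the real handler: always succeeds */
}

/* Interposed handler: the ACD check runs before the original handler completes. */
#define REMUS_WRAP(name, NR)                                               \
    static long remus_wrap_##name(const struct task_ctx *t, const char *a) \
    {                                                                      \
        if (remus_check(t, NR, a) == REMUS_DENY) return -EPERM;            \
        return saved_table[NR](t, a);                                      \
    }
REMUS_WRAP(open, SYS_OPEN)
REMUS_WRAP(execve, SYS_EXECVE)
REMUS_WRAP(mount, SYS_MOUNT)
REMUS_WRAP(init_module, SYS_INIT_MODULE)

static void hook(int nr, syscall_fn fn)
{
    saved_table[nr] = sys_call_table[nr];
    sys_call_table[nr] = fn;
}

/* Module init: only the critical calls are hooked; all others pass untouched. */
void remus_install(void)
{
    for (int i = 0; i < NR_SYSCALLS; i++) sys_call_table[i] = model_syscall;
    hook(SYS_OPEN, remus_wrap_open);
    hook(SYS_EXECVE, remus_wrap_execve);
    hook(SYS_MOUNT, remus_wrap_mount);
    hook(SYS_INIT_MODULE, remus_wrap_init_module);
}

/* Module exit: restore the original table entries. */
void remus_remove(void)
{
    const int nrs[] = { SYS_OPEN, SYS_EXECVE, SYS_MOUNT, SYS_INIT_MODULE };
    for (size_t i = 0; i < sizeof nrs / sizeof nrs[0]; i++)
        sys_call_table[nrs[i]] = saved_table[nrs[i]];
}

/* Dispatch a call through the (possibly hooked) table, as the kernel entry path would. */
long do_syscall(const struct task_ctx *t, int nr, const char *arg)
{
    return sys_call_table[nr](t, arg);
}
```

Two design points carry over to the real system: the check happens inside the wrapper, before the saved handler is invoked, which is what lets a hijacked process be stopped before a critical call completes; and a confined task with no matching rule is refused, so a rule file that is missing or empty closes that call rather than opening it.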