Application security is at the core of current computing usage. This paper describes a Linux-based software product that may help organizations confine applications without consuming excessive support resources. It is for people with responsibilities in information technology (IT) security in a Unix environment.
At 28 pages, the paper is long enough to adequately cover the material. As is expected from a respected ACM publication, the paper is clearly written. Because the study methods are fully described and the software products involved are freely available, the study could readily be reproduced.
The paper describes the background, method, and results of a usability study that compared functionality-based application confinement-Linux security module (FBAC-LSM), a free, open-source software product written by the authors, with alternative methods (SELinux and AppArmor) that are available with various Unix distributions. Users were given detailed instructions on the security objectives to be achieved, as well as the opportunity to use one of the three products to achieve the required objectives. Unsurprisingly, the users achieved much better outcomes, and gave better subjective assessments, using FBAC-LSM.
In summary, this paper is recommended reading for information security professionals in private or public organizations where Linux is the platform of choice.