Comparative study of operating system security using SELinux and Systrace

Abstract: This thesis makes a comparative study of the security systemsSystrace (used primarily with OpenBSD) and SELinux (usedexclusively with Linux), trying to answer the question as to whichtype of security is offered by each respective system, and wheneach should be used. The key difference between SELinux andSystrace seems to be their mode of operation, where SELinux,built around the LSM framework in the Linux kernel, works withtype enforcement on files, sockets and other objects, whereasSystrace works on a strict system call basis. The two systems areseen to serve two different purposes which sometimes overlap,but in just as many cases provide solutions for entirely differentquality priorities.