Performance Analysis of Linux Security Modules - Greg, Mike and Adam
This project performed a comprehensive literature review and an extensive evaluation
and comparison of three Linux Security Modules: LIDS, SELinux and SU. The
contribution of this project is to produce a comprehensive resource for comparisons
between these three security modules.
The motivation, as stated in the presentation, is that there does not exist an adequate
comparison or performance evaluation of each of the three security modules.
Additionally, it is claimed that often times security administrators do not make well-
thought choices in a security module for their servers because no resource exists that
gives a good comprehensive comparison among the different security modules.
I found this presentation interesting, well-presented and educational. All security
modules were covered in a way that someone who does not know much can understand
it. However, enough detail was provided so that others with experience and previous
knowledge wouldn't have been bored. Each security module was described and
evaluated in detail.
The three security modules were evaluated in four basic categories: administration,
performance, security features and attack mitigation. The administration comparison
(including installation and configuration) was much needed and something that I think
gets neglected too often in open-source tools. The performance evaluation was well-
structured and done in such a way that makes the results credible. Lastly, the attack
mitigation experiment was an interesting and creative way to compare the different
Overall, I think this project was well-done and worthwhile. The evaluation/comparison
was done in a methodical way. The final project has turned out to be significant
improvement over the proposal you presented in the class.
With a few enhancements, I think your work has a chance of getting published.
Score: 24 out of 25, this includes 2 bonus points for significant improvement beyond
the initial proposal.