"SOFFIC should be able to intercept any request for read or execution of a file and, after checking the file integrity, it should be able to permit or deny the requested operation."
To assure the effectiveness of SOFFIC, some self-protection mechanisms must be used on each of its components, and the minimum desired security requirements are defined based on the following statement: "SOFFIC must NOT trust the ROOT account, not all the time". This can be easily justified by the fact that most of the vulnerabilities exploited by malicious agents give them root access privileges or, at least, a half way done to get it. It should be noted that, if the root account was completely secure, the standard security mechanisms from the Linux kernel would be sufficient to assure the integrity of important files and the SOFFIC project would be worthless.
Since SOFFIC is, basically, a patch to the Linux kernel, the majority of its components reside in the kernel and so, it is exposed to the same vulnerabilities that the kernel is. The most noteworthy is the one that allows kernel image/memory modification. Doing this, the malicious agent could compromise the behavior of the whole system, from SOFFIC components to kernel subsystems. Although security is our main concern, performance issues are also taken into account.
Considering each of the points exposed above, SOFFIC should accomplish its goals at the same time that enforces its own security and maintain acceptable performance rates.
