C. Wright, C. Cowan, S. Smalley, J. Morris, G. Kroah-Hartman, "Linux Security Modules: General Security Support for the Linux Kernel", in 11th USENIX Security Symposium, pp. 17-31, 2002.

Abstract. The access control mechanisms of existing mainstream
operating systems are inadequate to provide strong system
security. Enhanced access control mechanisms have
failed to win acceptance into mainstream operating systems
due in part to a lack of consensus within the security
community on the right solution. Since generalpurpose
operating systems must satisfy a wide range of
user requirements, any access control mechanism integrated
into such a system must be capable of supporting
many different access control models. The Linux Security
Modules (LSM) project has developed a lightweight,
general purpose, access control framework for the mainstream
Linux kernel that enables many different access
control models to be implemented as loadable kernel
modules. A number of existing enhanced access control
implementations, including Linux capabilities, Security-
Enhanced Linux (SELinux), and Domain and Type Enforcement
(DTE), have already been adapted to use the
LSM framework. This paper presents the design and
implementation of LSM and discusses the challenges
in providing a truly general solution that minimally impacts
the Linux kernel.

@inproceedings{DBLP:conf/uss/WrightCSMK02,
  author    = {Chris Wright and
               Crispin Cowan and
               Stephen Smalley and
               James Morris and
               Greg Kroah-Hartman},
  title     = {Linux Security Modules: General Security Support for the
               Linux Kernel},
  booktitle = {USENIX Security Symposium},
  year      = {2002},
  pages     = {17-31},
  ee        =
{http://www.usenix.org/publications/library/proceedings/sec02/wright.html},
  crossref  = {DBLP:conf/uss/2002},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}