The Simplified Mandatory Access Control Kernel Casey Schaufler January 2008.

1 The Simplified Mandatory Access Control Kernel Casey Schaufler January 2008

2 Casey Schaufler
Ported Unix Version 6 to 32bit
Started development of TSOL
Architect of Trusted Irix
 – B1, CAPP, LSPP evaluated
US NSA’s Trusix Group
POSIX P1003.1e/2c
TSIG

3 Today’s Talk
Mandatory Access Control (MAC)
What MAC is good for
How Smack implements MAC
What Smack is good for
Details of Smack

4 Mandatory Access Control
Concepts
 – Subject is an active entity
 – Object is a passive entity
 – Access is an operation performed on an object by a subject

5 Mandatory Access Control
Principles
 – User has no say in it
 – Based on system controlled attributes

6 Mandatory Access Control
Jargon
 – MAC
 – Label
 – Bell & LaPadula
 – Multilevel Security
 – CIPSO

7 Mandatory Access Control

8 MAC Implementations
Bell & LaPadula Sensitivity
 – Multics, Unix
Type Enforcement
 – SELinux
Pathname Controls
 – AppArmor, TOMOYO

9 Uses of MAC Systems
Security checkbox
Sharing an expensive machine
Disjoint sets of users
 – B&L Categories
Hierarchical use of shared data
 – B&L Levels

10 Where Did Smack Come From?
Traditionally
 – Label relationships hard coded
 – Names map to label values
   Mythtory:TopSecret,Skeeve,Ahz,Chumly = Level=4,Categories=17,49,113
 – Users only use names
Why use anything but names?

11 Smack Label Mechanism
Labels and label names are the same
No implicit relationship between labels
List of explicit access relationships
Every subject gets a label
Every object gets a label
Objects get the creating subject’s label

12 Subjects Access Objects
lstat() reads a file object’s attributes
kill() writes to a process object
send() writes to a process object
bind() is uninteresting

13 System Labels
_ floor
^ hat
* star
 – Objects only
Any single special character: _ * ^

14 User Labels
(slide illustration: the system labels _ * ^ alongside the user labels Dap and SEAsia)

15 Explicit Access Rules
Dap SEAsia r
Med Pop w
(slide illustration: the labels Dap, Med, SEAsia and Pop with the two rules drawn between them)

16 Access Rule Specification
/etc/smack/accesses
 – Subject Object [ –rwxa ]
/smack/load
 – Strict fixed format
/sbin/smackload
 – Writes to /smack/load

17 Bell & LaPadula Levels
Secret more sensitive than Unclass
TopSecret more sensitive than Secret
Secret Unclass rx
TopSecret Secret rx
TopSecret Unclass rx
All relationships must be specified

18 Bell & LaPadula Categories
Categories Skeeve and Ahz
Labels:
 – “Skeeve,Ahz”
 – “Skeeve”
 – “Ahz”
Skeeve,Ahz Skeeve rx
Skeeve,Ahz Ahz rx

19 Biba Integrity
Floor is highest integrity
Hat is lowest integrity

20 Ring of Vigilance
SEAsia Dap r
Med SEAsia r
Dap Med r
(slide illustration: the labels Dap, Med and SEAsia arranged in a ring)

21 Messaging
Informant Reporter w
Reporter Editor w
Editor Reporter w

22 Time of Day
At 17:00
 – WorkerBee Game x
At 08:00
 – WorkerBee Game –

23 Implementation
Label Scheme
Access Checks
File Systems
Networking
The LSM
Audit

24 Label Scheme
Labels are short text strings
Compared for equality
Stored in a list
 – secid
 – Optional CIPSO value
 – Never forgotten

25 Access Checks
Rules written to /smack/load
Hard coded labels
Subject and object equal
Find the subject/object pair
Check the request against the rule
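The rule format of slide 16 and the decision order of slide 25, as an added user-space simulator (this is example code, not the Smack kernel module). The rule lines are the ones shown on slides 17 and 21; the meaning given to the hard-coded labels _ ^ * is assumed from Smack's documented behaviour rather than stated on the slides.

```python
# Added example: simulate Smack's access decision over a rule list.
# Not the kernel's code; the policy text is constructed from the slides.
from typing import Dict, FrozenSet, Tuple

FLOOR, HAT, STAR = "_", "^", "*"     # hard-coded system labels (slide 13)
MODES = frozenset("rwxa")            # modes accepted in a rule (slide 16)
Rules = Dict[Tuple[str, str], FrozenSet[str]]


def parse_rules(text: str) -> Rules:
    """Parse 'Subject Object [-rwxa]' lines into {(subject, object): modes}."""
    rules: Rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed rule: {raw!r}")
        subject, obj, mode = parts
        # '-' means no access at all (slide 22); otherwise only letters from rwxa
        granted = frozenset() if mode == "-" else frozenset(mode)
        if not granted <= MODES:
            raise ValueError(f"bad access mode in rule: {raw!r}")
        rules[(subject, obj)] = granted   # a later rule for the same pair replaces the earlier one
    return rules


def smack_access(rules: Rules, subject: str, obj: str, request: str) -> bool:
    """Decide one request in the order of slide 25: hard-coded labels, equality, rule list."""
    wanted = frozenset(request)
    if not wanted or not wanted <= MODES:
        raise ValueError(f"bad request: {request!r}")
    read_like = wanted <= {"r", "x"}
    # Hard-coded label semantics (assumed from Smack's documentation, not from the slides):
    if subject == STAR:                # star is object-only; a star subject is denied everything
        return False
    if subject == HAT and read_like:   # hat may read/execute anything (lowest Biba integrity)
        return True
    if obj == FLOOR and read_like:     # floor may be read/executed by anyone (highest integrity)
        return True
    if obj == STAR:                    # a star object is accessible to every subject
        return True
    if subject == obj:                 # labels are compared only for equality (slide 24)
        return True
    # Nothing is implied between distinct labels: find the pair and check the request.
    return wanted <= rules.get((subject, obj), frozenset())


# Rules exactly as written on slides 17 and 21; every relationship must be listed.
POLICY = parse_rules("""
Secret    Unclass  rx
TopSecret Secret   rx
TopSecret Unclass  rx
Informant Reporter w
Reporter  Editor   w
Editor    Reporter w
""")
```

Note that "Unclass TopSecret r" is refused not because of any level arithmetic but simply because no such rule was loaded; the simulator, like Smack, knows nothing about sensitivity ordering.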

26 File Systems
Use xattrs if supported
Hard coded behavior
 – smackfs, pipefs, sockfs, procfs, devpts
Superblock values
 – File system root
 – File system default
 – File system floor and hat
Not yet implemented

27 Networking Model
Sender writes to receiver
 – Sender is subject, receiver is object
Socket, packet not policy components
William Janet w
 – Allows a UDP packet
Janet William r
 – Does not allow a UDP packet

28 Packet Labeling
Unlabeled packets get ambient label
CIPSO option on every local packet
CIPSO value from the label list
 – Set via /smack/cipso
CIPSO direct mapping
 – Level 250
 – Label copied into category bits
Same CIPSO as SELinux

29 The LSM
Provides a restrictive interface
Evolved in step with SELinux
Imperfectly defined
 – Networking
 – Audit
 – USB
Module stacking

30 Programming Interfaces
getxattr(), setxattr()
 – SMACK64
/proc/<pid>/attr/current

31 Socket Interfaces
Socket attributes
 – fgetxattr(), fsetxattr()
 – SMACK64.IPIN
 – SMACK64.IPOUT
Packet attributes
 – SO_PEERSEC (TCP)
 – SCM_SECURITY (UDP)

32 Administrative Interfaces
/smack/load
/smack/cipso
/smack/doi
/smack/direct
/smack/nltype

33 What Have You Learned?
Smack is a modern implementation of old school Mandatory Access Control with the mistakes omitted.
Smack is designed for simplicity
Smack is designed as a kernel mechanism

34 Special Thank You
Paul Moore – Network interfaces
Ahmed S. Darwish – Work on smackfs
And a host of reviewers, including
 – Stephen Smalley, Seth Arnold,
 – Joshua Brindle, Al Viro,
 – James Morris, Kyle Moffett,
 – Pavel Machek

35 Contact Information
