Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Simplified Mandatory Access Control Kernel

Similar presentations

Presentation on theme: "The Simplified Mandatory Access Control Kernel"— Presentation transcript:

1 The Simplified Mandatory Access Control Kernel
Casey Schaufler January 2008

2 Casey Schaufler Ported Unix Version 6 to 32bit
Started Development of TSOL Architect of Trusted Irix B1, CAPP, LSPP evaluated US NSA’s Trusix Group POSIX P1003.1e/2c TSIG

3 Today’s Talk Mandatory Access Control (MAC) What MAC is good for
How Smack implements MAC What Smack is good for Details of Smack

4 Mandatory Access Control
Concepts Subject is an active entity Object is a passive entity Access is an operation preformed on an object by a subject

5 Mandatory Access Control
Principles User has no say in it Based on system controlled attributes

6 Mandatory Access Control
Jargon MAC Label Bell & LaPadula Multilevel Security CIPSO

7 Mandatory Access Control

8 MAC Implementations Bell & LaPadula Sensitivity Type Enforcement
Multics, Unix Type Enforcement SELinux Pathname Controls AppArmor, TOMOYO

9 Uses of MAC Systems Security Checkbox Sharing an expensive machine
Disjoint sets of users B&L Catagories Hierarchical use of shared data B&L Levels

10 Where Did Smack Come From?
Traditionally Label relationships hard coded Names map to label values Mythtory:TopSecret,Skeeve,Ahz,Chumly Level=4,Catagories=17,49,113 Users only use names Why use anything but names?

11 Smack Label Mechanism Labels and label names are the same
No implicit relationship between labels List of explicit access relationships Every subject gets a label Every object gets a label Objects get creating Subject’s label

12 Subjects Access Objects
lstat() reads a file object’s attributes kill() writes to a process object send() writes to a process object bind() is uninteresting

13 System Labels _ floor ^ hat * star Any single special character
Objects Only Any single special character ^ * _

14 User Labels ^ * SEAsia Dap _

15 Explicit Access Rules Dap SEAsia r Med Pop w SEAsia Dap Pop Med

16 Access Rule Specification
/etc/smack/accesses Subject Object [–rwxa] /smack/load Strict fixed format /sbin/smackload Writes to /smack/load

17 Bell & LaPadula Levels Secret more sensitive than Unclass
TopSecret more sensitive than Secret Secret Unclass rx TopSecret Secret rx TopSecret Unclass rx All relationships must be specified

18 Bell & LaPadula Categories
Categories Skeeve and Ahz Labels: “Skeeve,Ahz” “Skeeve” “Ahz” Skeeve,Ahz Skeeve rx Skeeve,Ahz Ahz rx

19 Biba Integrity Floor is highest integrity Hat is lowest Integrity

20 Ring of Vigilance SEAsia Dap r Med SEAsia r Dap Med r SEAsia Dap Med

21 Messaging Informant Reporter w Reporter Editor w Editor Reporter w

22 Time of Day At 17:00 WorkerBee Game x At 08:00 WorkerBee Game –

23 Implementation Label Scheme Access Checks File Systems Networking
The LSM Audit

24 Label Scheme Labels are short text strings Compared for equality
Stored in a list secid Optional CIPSO value Never forgotten

25 Access Checks Rules written to /smack/load Hard Coded Labels
Subject and object equal Find the subject/object pair Check the request against the rule

26 File Systems Use xattrs if supported Hard coded behavior
smackfs, pipefs, sockfs, procfs, devpts Superblock values File system root File system default File system floor and hat Not yet implemented

27 Networking Model Sender writes to receiver
Sender is subject, receiver is object Socket, packet not policy components William Janet w Allows a UDP packet Janet William r Does not allow a UDP Packet

28 Packet Labeling Unlabeled packets get ambient label
CIPSO option on every local packet CIPSO value from the label list Set via /smack/cipso CIPSO direct mapping Level 250 Label copied into category bits Same CIPSO as SELinux

29 The LSM Provides a restrictive interface Evolved in step with SELinux
Imperfectly defined Networking Audit USB Module Stacking

30 Programming interfaces
getxattr(), setxattr() SMACK64 /proc/<pid>/attr/current

31 Socket Interfaces Socket Attributes Packet Attributes
fgetxattr(), fsetxattr() SMACK64.IPIN SMACK64.IPOUT Packet Attributes SO_PEERSEC TCP SCM_SECURITY UDP

32 Administrative Interfaces
/smack/load /smack/cipso /smack/doi /smack/direct /smack/nltype

33 What Have You Learned? Smack is a modern implementation of old school Mandatory Access Control with the mistakes omitted. Smack is designed for simplicity Smack is designed as a kernel mechanism

34 Special Thank You Paul Moore – Network interfaces
Ahmed S. Darwish – Work on smackfs And a host of reviewers, including Stephen Smalley, Seth Arnold, Joshua Brindle, Al Viro, James Morris, Kyle Moffett, Pavel Machek

35 Contact Information

Download ppt "The Simplified Mandatory Access Control Kernel"

Similar presentations

Ads by Google