Presentation on theme: "JENNIS SHRESTHA CSC 345 April 22, 2014. Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features."— Presentation transcript:
JENNIS SHRESTHA CSC 345 April 22, 2014
Contents: Introduction, History, Flux Advanced Security Kernel, Mandatory Access Control Policies, MAC Vs DAC, Features, Distribution, Conclusion
Introduction: Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides the mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls (MAC). It implements the Flux Advanced Security Kernel to bring MAC into use in Linux.
History: Original primary developer: the United States National Security Agency. First version released on Dec 22, 2000. Significant contributors: Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology and Trusted Computer Solutions.
Flux Advanced Security Kernel: Developed for the Mach microkernel by the NSA, the University of Utah and Secure Computing Corporation. An operating system security architecture that provides flexible support for security policies. OpenSolaris FMAC, TrustedBSD, NSA's SELinux.
FLASK Mechanism: Provides flexibility and coordinates subsystems. Makes security decisions. Evaluates requirements to take decisions. Monitors decisions over time.
FLASK Mechanism: The architecture provides interfaces for retrieving access, labeling and polyinstantiation decisions. The Access Vector Cache module allows the object manager to cache access decisions to minimize overhead time. The architecture lets object managers register for changes to security policies.
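A toy model of the mechanism described on the two FLASK Mechanism slides, added here as an example and not taken from the presentation or from SELinux's own code: a security server makes the decisions, the object manager's access vector cache stores them, and a policy reload notifies the cache. The class names, type labels and rules are constructed for illustration.

```python
# Added illustration: toy model of the Flask split between a security server
# (policy decisions) and an object manager's access vector cache (AVC).
# All class names, labels and rules below are constructed for this example.

class SecurityServer:
    """Holds the policy and computes access vectors for label pairs."""
    def __init__(self, rules):
        self.rules = dict(rules)      # (source type, target type, class) -> allowed perms
        self.listeners = []           # object managers registered for policy changes
        self.queries = 0              # how often a decision had to be computed

    def register(self, callback):
        self.listeners.append(callback)

    def compute_av(self, ssid, tsid, tclass):
        self.queries += 1
        # Default deny: anything the policy does not allow is refused (MAC).
        return frozenset(self.rules.get((ssid, tsid, tclass), ()))

    def load_policy(self, rules):
        self.rules = dict(rules)
        for notify in self.listeners:  # tell caches to drop stale decisions
            notify()

class AVC:
    """Access vector cache kept by an object manager."""
    def __init__(self, server):
        self.server = server
        self.cache = {}
        server.register(self.cache.clear)

    def has_perm(self, ssid, tsid, tclass, perm):
        key = (ssid, tsid, tclass)
        if key not in self.cache:      # miss: ask the security server once
            self.cache[key] = self.server.compute_av(*key)
        return perm in self.cache[key]

def demo():
    policy = {("httpd_t", "httpd_content_t", "file"): {"read", "getattr"}}
    server = SecurityServer(policy)
    avc = AVC(server)
    results = [
        avc.has_perm("httpd_t", "httpd_content_t", "file", "read"),   # allowed by rule
        avc.has_perm("httpd_t", "httpd_content_t", "file", "write"),  # answered from cache
        avc.has_perm("httpd_t", "shadow_t", "file", "read"),          # no rule: denied
    ]
    queries_before = server.queries
    server.load_policy({})             # policy change flushes the AVC
    results.append(avc.has_perm("httpd_t", "httpd_content_t", "file", "read"))
    return results, queries_before, server.queries

if __name__ == "__main__":
    print(demo())
```

Three checks cost only two security-server queries because the second is served from the cache, and the read that was allowed is denied after the reload because the cached vector was dropped.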
Mandatory Access Control Policies: The administrator can control and define users' access to resources. Users cannot modify or change the permissions and access rights. Can be used to protect the network and block ports and sockets.
MAC Vs DAC
In DAC, the security policies enforced can be easily overridden. Depends on ownership of the object and subject identity. Many hacking issues.
Features: Enforces clean separation of policy. Independent of specific security label formats and contents. Increased efficiency because of caching of access decisions. Initialization, inheritance and program execution can be controlled. File systems, directories, files, and open file descriptions can be controlled.
Distribution: Fedora Core 2, Debian, Gentoo, SuSE, SE-BSD, SE-MACH
Conclusion: More secure operating system. Helps the administrator control resource access. Open source allows the system to improve rapidly. Digitized materials are in safe hands.