1 SELinux

2 Wikipedia says:
Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD.

3 What is SELinux?
- A kernel level MAC (Mandatory Access Control) implementation for Linux
- Originally commissioned and built by/for the NSA
- A headache for the uninitiated
- Very effective if done right
  - Not the usual case BTW
- One of three well known MAC implementations
  - Trusted Solaris
  - Mainframe “Top Secret” and RACF.
    - Top Secret is a product of Computer Associates
    - RACF – Resource Access Control Facility
    - RACF is the access control system used by IBM on its mainframe line of computers

4 Access Control Philosophies
- MAC: Mandatory Access Control
  - Cannot be worked around
  - I own it, not you.
  - Ex: Directory “Secret” is owned by “Agent”. “Agent” does not have authority to grant access to others. Only the “Owner” does.
- DAC: Discretionary Access Control
  - It’s yours, do what you will.
  - Same example: “Agent” can grant access to whomever she cares.
- RBAC: Role Based Access Control
  - Depending on what your role is, maybe.
  - If “Agent” has the correct Role, she can, otherwise she can’t.

5 SELinux past tense.
- Auditing and reporting support very limited and poorly integrated in SELinux.
- One big ugly policy.
- No decent interface for managing policies.
  - SLIDE (new tool)
- Building policies was a flat file hack style.
- Fresh files got no label. You had to comb the system to find and label them manually.
- Poor scalability with SMP.

6 Recent improvements.
- FC4 policy now has over 120 confined domains, updates in Hardened Gentoo, and support being mainstreamed into Debian.
- Multi-Level Security support enhanced and mainstreamed.
- Audit system enhanced and increasingly integrated.
- RHEL5 entered into evaluation against CAPP (Controlled Access Protection Profile), LSPP (Labeled Security Protection Profile), and RBAC (Role Based Access Control) with SELinux coverage.
- Loadable policy modules, build and package policy modules separately.
- Policy management API (libsemanage)
- Improved support for policy development: Polgen, SEEdit, SLIDE, CDS Framework.
- Atomic labeling of new files.
- File security labels visible for all filesystems exactly as seen by SELinux.
- Major improvements in SMP scalability.
- Significant reduction in kernel memory use by policy.

7 Who Cares?

8 National Security Administration
Researchers in the Information Assurance Research Group of the National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on Type Enforcement, a mechanism first developed for the LOCK system. The NSA and SCC developed two Mach-based prototypes of the architecture: DTMach and DTOS. The NSA and SCC then worked with the University of Utah's Flux research group to transfer the architecture to the Fluke research operating system. During this transfer, the architecture was enhanced to provide better support for dynamic security policies. This enhanced architecture was named Flask. The NSA has now integrated the Flask architecture into the Linux operating system to transfer the technology to a larger developer and user community.
- NSA Website

9 What’s the point?
- Primarily for Government
  - Systems containing certain classifications of data are required to run under a MAC solution.
  - Required for/on many government contracts
- Helps with audits
  - Though not necessary, a MAC solution can make many of today’s corporate audits MUCH easier.

10 Terminology:
- Subject: A domain or process.
- Object: A resource (file, directory, socket, etc.).
- Types: A security attribute for files and other objects.
- Roles: A way to define what “types” a user can use.
- Identities: Like a username, but specific to SELinux.
- Contexts: Using a type, role and identity is a “Context.”

11 How does this apply to “you”?
- Let’s define “you” first:
  - Hobbyist/Enthusiast
    - Students, Average Gamer, etc.
  - Corporate systems guy
    - SysAdmin, Architect, etc.
  - Cracker/Malicious Type

12 Hobbyist/Enthusiast
- How it applies
  - Well, it pretty well doesn’t.
  - At this point, the only folks directly impacted by SELinux are those who manage the boxes, audit the boxes, or try to hack the boxes that are running it.
  - Indirectly: you can sleep better

13 Corporate Systems Guy
- A *REALLY* big pain.
  - That whole “minimum privileges” thing can suck when you get into the details.
- A *REALLY* big help.
  - Compliance sucks. Being able to produce the type of reporting available with SELinux is great.
  - For systems running multiple clients or other entity types, think of it as a chroot jail that you can wrap around most anything.
  - An opportunity for training dollars -- “Hey boss, this stuff is a real trick!”

14 Cracker/Malicious Type
- Today, extremely annoying.
- A new (well, kind of anyway) puzzle to tinker with.
- Not really a big deal unless they’re working against government systems. Very few corporate shops are running it today.
- Still just another control model, just like DAC (Discretionary Access Control) or RBAC. Granted, a lot tighter than DAC, and has many similarities to RBAC.

15 Reference material:
- The NSA Site: http://www.nsa.gov/selinux/
- The Wikipedia reference: http://en.wikipedia.org/wiki/SELinux
- Heh, a “symposium”: http://selinux-symposium.org/

