The Simplified Mandatory Access Control Kernel

Presentation transcript:

The Simplified Mandatory Access Control Kernel
Casey Schaufler, January 2008

Casey Schaufler
- Ported Unix Version 6 to 32 bit
- Started development of TSOL
- Architect of Trusted Irix
- B1, CAPP, LSPP evaluated
- US NSA's Trusix Group
- POSIX P1003.1e/2c
- TSIG

Today's Talk
- Mandatory Access Control (MAC)
- What MAC is good for
- How Smack implements MAC
- What Smack is good for
- Details of Smack

Mandatory Access Control Concepts
- Subject is an active entity
- Object is a passive entity
- Access is an operation performed on an object by a subject

Mandatory Access Control Principles
- User has no say in it
- Based on system controlled attributes

Mandatory Access Control Jargon
- MAC
- Label
- Bell & LaPadula
- Multilevel Security
- CIPSO

Mandatory Access Control

MAC Implementations
- Bell & LaPadula sensitivity: Multics, Unix
- Type Enforcement: SELinux
- Pathname controls: AppArmor, TOMOYO

Uses of MAC Systems
- Security checkbox
- Sharing an expensive machine
- Disjoint sets of users: B&L categories
- Hierarchical use of shared data: B&L levels

Where Did Smack Come From?
- Traditionally, label relationships are hard coded
- Names map to label values, e.g. Mythtory:TopSecret,Skeeve,Ahz,Chumly maps to Level=4, Categories=17,49,113
- Users only use names
- Why use anything but names?

Smack Label Mechanism
- Labels and label names are the same
- No implicit relationship between labels
- List of explicit access relationships
- Every subject gets a label
- Every object gets a label
- Objects get the creating subject's label

Subjects Access Objects
- lstat() reads a file object's attributes
- kill() writes to a process object
- send() writes to a process object
- bind() is uninteresting

System Labels
- _ floor
- ^ hat
- * star (objects only)
- Any single special character

User Labels
- SEAsia, Dap (shown alongside the system labels ^, * and _)

Explicit Access Rules
- Dap SEAsia r
- Med Pop w
(Diagram: labels SEAsia, Dap, Pop, Med)

Access Rule Specification
- /etc/smack/accesses
- Format: Subject Object [-rwxa]
- /smack/load: strict fixed format
- /sbin/smackload writes to /smack/load

Bell & LaPadula Levels
- Secret is more sensitive than Unclass
- TopSecret is more sensitive than Secret
- Rules:
  Secret Unclass rx
  TopSecret Secret rx
  TopSecret Unclass rx
- All relationships must be specified

Bell & LaPadula Categories
- Categories Skeeve and Ahz
- Labels: "Skeeve,Ahz", "Skeeve", "Ahz"
- Rules:
  Skeeve,Ahz Skeeve rx
  Skeeve,Ahz Ahz rx

Biba Integrity
- Floor is highest integrity
- Hat is lowest integrity

Ring of Vigilance
- SEAsia Dap r
- Med SEAsia r
- Dap Med r
(Diagram: labels SEAsia, Dap, Med)

Messaging
- Informant Reporter w
- Reporter Editor w
- Editor Reporter w

Time of Day
- At 17:00: WorkerBee Game x
- At 08:00: WorkerBee Game -

Implementation
- Label scheme
- Access checks
- File systems
- Networking
- The LSM
- Audit

Label Scheme
- Labels are short text strings
- Compared for equality
- Stored in a list
- secid
- Optional CIPSO value
- Never forgotten

Access Checks
- Rules written to /smack/load
- Hard coded labels
- Subject and object equal
- Find the subject/object pair
- Check the request against the rule
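The rule examples above (Explicit Access Rules through Time of Day) and this Access Checks slide describe one decision procedure: labels are opaque strings compared only for equality, a subject may always access objects with its own label, the special labels are handled in code, and everything else needs an explicit "Subject Object [-rwxa]" rule. The following model of that decision is an added example, not Smack kernel code; the behaviour of the floor, hat and star labels follows the Smack kernel documentation rather than the slides, and the rule-replacement semantics for a repeated pair are an assumption.

```python
# Model of the Smack access decision described in the slides (added example,
# not kernel code). Special-label semantics assumed from Smack documentation:
#   '*' star as subject is always denied, '*' as object always allowed;
#   '^' hat as subject may read/execute anything;
#   '_' floor as object may be read/executed by any subject.
from typing import Dict, Tuple

FLOOR, HAT, STAR = "_", "^", "*"


class SmackPolicy:
    """Labels are opaque strings; the only relationship between two distinct
    labels is whatever explicit rule has been loaded for that ordered pair."""

    def __init__(self) -> None:
        self.rules: Dict[Tuple[str, str], str] = {}

    def load(self, line: str) -> None:
        """Load one rule in /smack/load form: 'Subject Object [-rwxa]'.
        Assumption: loading a rule for a pair that already has one replaces
        it, so 'WorkerBee Game -' at 08:00 revokes the 17:00 'x' rule."""
        subject, obj, access = line.split()
        modes = {c for c in access if c in "rwxa"}  # '-' yields no modes
        self.rules[(subject, obj)] = "".join(sorted(modes))

    def check(self, subject: str, obj: str, request: str) -> bool:
        """True if every mode in `request` (any mix of r, w, x, a) is granted
        to the subject label on the object label."""
        wanted = set(request)
        if subject == STAR:                       # star subjects get nothing
            return False
        if obj == STAR or subject == obj:         # star objects, same label
            return True
        if wanted <= {"r", "x"} and (subject == HAT or obj == FLOOR):
            return True                           # hat reads all, floor is readable
        granted = self.rules.get((subject, obj), "")  # explicit rule lookup
        return wanted <= set(granted)


def demo() -> Dict[str, bool]:
    """Replay the slide examples and return each decision by name."""
    p = SmackPolicy()
    for rule in ("Secret Unclass rx", "TopSecret Secret rx", "TopSecret Unclass rx",
                 "Informant Reporter w", "Reporter Editor w", "Editor Reporter w",
                 "William Janet w", "Janet William r", "WorkerBee Game x"):
        p.load(rule)
    before = p.check("WorkerBee", "Game", "x")
    p.load("WorkerBee Game -")                    # the 08:00 rule
    return {"blp_read_down": p.check("TopSecret", "Unclass", "r"),
            "blp_read_up": p.check("Unclass", "Secret", "r"),
            "blp_write_down": p.check("Secret", "Unclass", "w"),
            "udp_william_to_janet": p.check("William", "Janet", "w"),
            "udp_janet_to_william": p.check("Janet", "William", "w"),
            "game_at_17": before, "game_at_08": p.check("WorkerBee", "Game", "x")}
```

Note that "Janet William r" does nothing for a packet from Janet to William: a sender is the subject and writes to the receiver, so only a "w" rule in that direction can allow it.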

File Systems
- Use xattrs if supported
- Hard coded behavior: smackfs, pipefs, sockfs, procfs, devpts
- Superblock values: file system root, file system default, file system floor and hat
- Not yet implemented

Networking Model
- Sender writes to receiver
- Sender is subject, receiver is object
- Socket and packet are not policy components
- "William Janet w" allows a UDP packet
- "Janet William r" does not allow a UDP packet

Packet Labeling
- Unlabeled packets get the ambient label
- CIPSO option on every local packet
- CIPSO value from the label list, set via /smack/cipso
- CIPSO direct mapping: Level 250, label copied into category bits
- Same CIPSO as SELinux

The LSM
- Provides a restrictive interface
- Evolved in step with SELinux
- Imperfectly defined: Networking, Audit, USB
- Module stacking

Programming Interfaces
- getxattr(), setxattr() with the SMACK64 attribute
- /proc/<pid>/attr/current

Socket Interfaces
- Socket attributes: fgetxattr(), fsetxattr() with SMACK64.IPIN and SMACK64.IPOUT
- Packet attributes: SO_PEERSEC (TCP), SCM_SECURITY (UDP)

Administrative Interfaces
- /smack/load
- /smack/cipso
- /smack/doi
- /smack/direct
- /smack/nltype

What Have You Learned?
- Smack is a modern implementation of old school Mandatory Access Control with the mistakes omitted
- Smack is designed for simplicity
- Smack is designed as a kernel mechanism

Special Thank You
- Paul Moore: network interfaces
- Ahmed S. Darwish: work on smackfs
- And a host of reviewers, including Stephen Smalley, Seth Arnold, Joshua Brindle, Al Viro, James Morris, Kyle Moffett, Pavel Machek

Contact Information
- http://schaufler-ca.com
- casey@schaufler-ca.com
- rancidfat@yahoo.com