1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.

Slides:

Advertisements

Similar presentations

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

Advertisements

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.

Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory.

Access Control Chapter 3 Part 3 Pages 209 to 227.

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.

Attribute-Based Access Control Models and Beyond

Access Control Intro, DAC and MAC System Security.

1 UCR Access Control/Capabilities Some slides/ideas adapted from Ninghui Li.

By: Arpit Pandey SELINUX (SECURITY-ENHANCED LINUX)

Chapter 9 Building a Secure Operating System for Linux.

Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.

Shane Jahnke CS591 December 7,  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.

Lecture 7 Access Control

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

SELinux. 2SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM)

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Usable Mandatory Integrity Protection for Operating Systems Authors: Ninghui Li, Ziqing Mao and Hong Chen “IEEE Symposium on Security and Privacy(SP’07)”

Computer Security & OS Lab. DKU May 26 Younsik Jeong Ph.D. Student.

CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control.

Shib in the present and the future Ken Klingenstein Director, Internet2 Middleware and Security.

SELinux US/Fedora/13/html/Security-Enhanced_Linux/

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

Access Control Policies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up:

Linux kernel security Professor: Mahmood Ranjbar Authors: mohammad Heydari Mahmood ZafarArjmand Zohre Alihoseyni Maryam Sabaghi.

Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.

FOSS Security through SELinux (Security Enhanced Linux) M.B.G. Suranga De Silva Information Security Specialist TECHCERT c/o Department of Computer Science.

1 Implementation of Security-Enhanced Linux Yue Cui Xiang Sha Li Song CMSC 691X Project 2—Summer 02.

Exploiting Data Parallelism in SELinux Using a Multicore Processor Bodhisatta Barman Roy National University of Singapore, Singapore Arun Kalyanasundaram,

SELinux - What the hell does that mean? disoray thelug : DC214

Interception and Analysis Framework for Win32 Scripts (not for public release) Tim Hollebeek, Ph.D.

Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.

Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 LANL-stor and the Challenges of Evolutionary Development Managing.

SELinux. The need for secure OS Increasing risk to valuable information Dependence on OS protection mechanisms Inadequacy of mainstream operating systems.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:

Trusted Operating Systems

The SELinux of First Look. Prologue After many discussions with a lot of Linux users, I’ve come to realize that most of them seem to disable SELinux rather.

Introduction to UNIX CS465. What is UNIX? (1) UNIX is an Operating System (OS). An operating system is a control program that allocates the computer's.

Security-Enhanced Linux Eric Harney CPSC 481. What is SELinux? ● Developed by NSA – Released in 2000 ● Adds additional security capabilities to Linux.

5/7/2007CoreMcClug/SELinux 1 By: Corey McClurg. Outline A History of SELinux What is SELinux and how do I get it? Getting Started Mandatory Access Control.

Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Design and Implementation MAC in Security Operating System CAI Yi, ZHENG Zhi-rong, SHEN Chang-xiang Presented By, Venkateshwarlu Jangili. 1.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK

Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.

22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.

1 Improving GNU/Linux Security : MAC solution BSU CS Colloquium – Spring 2006 Fabien POULARD, ISEP Student.

MLS/MCS on SE Linux Russell Coker. What is SE Linux? A system for Mandatory Access Control (MAC) based on the Linux Security Modules (LSM) framework Uses.

Linux Kernel Security (SELinux vs AppArmor vs Grsecurity)

Overview of NSA Security Enhanced Linux Russell Coker.

SELinux Overview Dan Walsh SELinux for Dummies Dan Walsh

Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.

SE Linux Implementation Russell Coker. What is SE Linux? A system for Mandatory Access Control (MAC) based on the Linux Security Modules (LSM) framework.

Access Control Model SAM-5.

Secure Operating System Example: SELinux

SE Linux Implementation

SELinux RHEL5: A benchmark

Unlocking the Power of SELinux by Utilizing the CDS Framework IDE

Building Systems That Flexibly Control Downloaded Executable Content

Attribute-Based Access Control (ABAC)

SELinux (Security Enhanced Linux)

An Overview Rick Anderson Pat Demko

NSA Security-Enhanced Linux (SELinux)

Mandatory Access Control and the Real World

Module 02 Operating Systems

Presentation transcript:

1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009

2 Introduction Background MAC Architecture Linux implementation Fedora Examples Conclusion Background MAC Architecture Linux implementation Fedora Examples Conclusion

3 OS Controls Discretionary Access Control (DAC) Most commonly used mechanism today Definition - a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. Disadvantages Too much power to users. Good security practice hard to enforce Discretionary Access Control (DAC) Most commonly used mechanism today Definition - a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. Disadvantages Too much power to users. Good security practice hard to enforce

4 Alternative approach - MAC Definition - a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.access control operating system Policy controlled by a security administrator MAC issues tightly coupled to the DOD multi-level security (MLS) policy Access decisions in MLS are based on clearances for subjects and classifications for objects. Considers only confidentiality and not integrity. Definition - a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.access control operating system Policy controlled by a security administrator MAC issues tightly coupled to the DOD multi-level security (MLS) policy Access decisions in MLS are based on clearances for subjects and classifications for objects. Considers only confidentiality and not integrity.

5 Flask Architecture

6 Security Enhanced Linux Linux OS refactored to incorporate Flask architecture. Selected due to its growing success Open source development environment Better feedback due to more users of Linux. Policy implementation Based on domain-type model. Policy built using Reference Policy language. Platforms Red Hat, Fedora, Ubuntu, Debian (Linux) Solaris, FreeBSD (Unix) Linux OS refactored to incorporate Flask architecture. Selected due to its growing success Open source development environment Better feedback due to more users of Linux. Policy implementation Based on domain-type model. Policy built using Reference Policy language. Platforms Red Hat, Fedora, Ubuntu, Debian (Linux) Solaris, FreeBSD (Unix)

7 Reference Policy AdminAppsKernelRolesServicesSystem Apache.teApache.fcApache.if Makefile => policy.VER Makefile => apache.pp Fedora Production Release Targeted (default) MLS Config files – file contexts Tresys link -

8 FEDORA EXAMPLES

9 Unconfined domain Security context:

10 Confined domains Type distinction between processes and objects

11 Policy Enforcement Temp mod to file context Policy Enforcement Loaded file context

12 Conclusion SELinux Reference Policy allows customizable fine- grained control of all processes and objects in the computer system. Manipulation of policy in Fedora release still cumbersome. Need familiarization with Reference Policy. Limited source code although you can create module executables via the built-in GUI tools. On-line help still immature. SELinux Reference Policy allows customizable fine- grained control of all processes and objects in the computer system. Manipulation of policy in Fedora release still cumbersome. Need familiarization with Reference Policy. Limited source code although you can create module executables via the built-in GUI tools. On-line help still immature.

13 References Red Hat documentation (2009). SELinux Architectural Overview. Retrieved Nov. 5, 2009 from 4-Manual/selinux-guide/selg-chapter-0013.html#SELG-SECT P. Loscocco, Smalley S. Muckelbauer, P, Taylor, R, Turner S., and Farrell, J. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environment. Proceedings of the 21st National Information Systems Security Conference, pages , October st National Information Systems Security Conference P. Loscocco and Smalley S. Integrating Flexible Support for Security Policies into the Linux Operating System. Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX '01), June 2001 P. Loscocco and Smalley S. Meeting Critical Security Objectives with Security-Enhanced Linux. Proceedings of the 2001 Ottawa Linux Symposium J. PeBenito, F. Mayer, and K. MacMillan Reference Policy for Security Enhanced Linux Security Enhanced Linux Symposium Red Hat documentation (2009). SELinux Architectural Overview. Retrieved Nov. 5, 2009 from 4-Manual/selinux-guide/selg-chapter-0013.html#SELG-SECT P. Loscocco, Smalley S. Muckelbauer, P, Taylor, R, Turner S., and Farrell, J. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environment. Proceedings of the 21st National Information Systems Security Conference, pages , October st National Information Systems Security Conference P. Loscocco and Smalley S. Integrating Flexible Support for Security Policies into the Linux Operating System. Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX '01), June 2001 P. Loscocco and Smalley S. Meeting Critical Security Objectives with Security-Enhanced Linux. Proceedings of the 2001 Ottawa Linux Symposium J. PeBenito, F. Mayer, and K. MacMillan Reference Policy for Security Enhanced Linux Security Enhanced Linux Symposium

14 References (Cont’d) Wikipedia (2009). Manadatory Acce Control Retrieved Nov 10, 2009 from Wikipedia (2009). Manadatory Acce Control Retrieved Nov 10, 2009 from Widipedia (2009). Discretionary Access Control. Retrieved Nov 10, 2009 from Widipedia (2009). Discretionary Access Control. Retrieved Nov 10, 2009 from Tresys Open Source Software (2009). SELinux Reference Policy. Retrieved Nov 10, 2009 from Tresys Open Source Software (2009). (2009). Writing SE Linux policy HOWTO. Retrieved Nov 15, 2009 from Fedora Project (2009). Fedora 11 SELinux user’s guide. Retrieved Nov 15, 2009 from Enhanced_Linux.pdf Wikipedia (2009). Fedora operating system. Retrieved Nov 10, 2009 from Wikipedia (2009). Fedora operating system. Retrieved Nov 10, 2009 from C. Hanson. SELinux and MLS: Putting the pieces together. Proceeding from the 2006 SELinux Symposium. C. Hanson. SELinux and MLS: Putting the pieces together. Wikipedia (2009). Manadatory Acce Control Retrieved Nov 10, 2009 from Wikipedia (2009). Manadatory Acce Control Retrieved Nov 10, 2009 from Widipedia (2009). Discretionary Access Control. Retrieved Nov 10, 2009 from Widipedia (2009). Discretionary Access Control. Retrieved Nov 10, 2009 from Tresys Open Source Software (2009). SELinux Reference Policy. Retrieved Nov 10, 2009 from Tresys Open Source Software (2009). (2009). Writing SE Linux policy HOWTO. Retrieved Nov 15, 2009 from Fedora Project (2009). Fedora 11 SELinux user’s guide. Retrieved Nov 15, 2009 from Enhanced_Linux.pdf Wikipedia (2009). Fedora operating system. Retrieved Nov 10, 2009 from Wikipedia (2009). Fedora operating system. Retrieved Nov 10, 2009 from C. Hanson. SELinux and MLS: Putting the pieces together. Proceeding from the 2006 SELinux Symposium. C. Hanson. SELinux and MLS: Putting the pieces together.