Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.


1 Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU

2 Introduction: Why SELinux? Discretionary Access Control (DAC) does not offer enough choices for controlling objects. Mandatory Access Control (MAC) allows you to define permissions for how all processes (called subjects) interact with other parts of the system such as files, devices, sockets, ports, and other processes (called objects in SELinux).

3 Linux Security Module: Overview SELinux motivated the creation of LSM. LSM separates security features from the kernel in order to minimize their impact on the kernel. LSM doesn't provide any security itself; rather, it adds security fields to the kernel and provides an interface to manage these fields for maintaining security attributes.

4 Linux Security Module: Hooks Hooks are a set of functions that control operations on kernel objects and on the security fields in kernel data structures. Management hooks are used to manage security fields (e.g. file_alloc_security). Control hooks are used to perform access control (e.g. selinux_inode_permission).

5 LSM Hook Architecture
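
The split between management hooks and control hooks, as an added user-space C model (not kernel code and not part of the original slides). The names check_access, register_toy_module, active_ops, the toy_* and dummy_* functions and the "/etc/ is read-only" policy are assumptions made for illustration; only the hook names file_alloc_security and inode_permission mirror the LSM interface.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAY_WRITE = 2, MAY_READ = 4 };

/* Kernel object: LSM itself only adds this opaque security field. */
struct file { const char *path; void *f_security; };

/* Hook table that a security module fills in (two hooks shown). */
struct security_ops {
    int (*file_alloc_security)(struct file *f);        /* management hook */
    int (*inode_permission)(struct file *f, int mask); /* control hook */
};

/* No module loaded: the field stays empty and every access is allowed. */
static int dummy_alloc(struct file *f) { f->f_security = NULL; return 0; }
static int dummy_perm(struct file *f, int mask) { (void)f; (void)mask; return 0; }
static struct security_ops dummy_ops = { dummy_alloc, dummy_perm };
static struct security_ops *active_ops = &dummy_ops;

/* Toy module with a constructed policy: files under /etc/ are read-only. */
static int toy_alloc(struct file *f) {
    int *allowed = malloc(sizeof *allowed);
    if (!allowed) return -1;
    *allowed = strncmp(f->path, "/etc/", 5) == 0 ? MAY_READ : MAY_READ | MAY_WRITE;
    f->f_security = allowed;   /* the module owns the meaning of this field */
    return 0;
}
static int toy_perm(struct file *f, int mask) {
    return (mask & ~*(int *)f->f_security) ? -1 : 0; /* -1 stands in for -EACCES */
}
static struct security_ops toy_ops = { toy_alloc, toy_perm };
void register_toy_module(void) { active_ops = &toy_ops; }

/* Simplified kernel path: label the object, then ask the control hook. */
int check_access(const char *path, int mask) {
    struct file f = { path, NULL };
    if (active_ops->file_alloc_security(&f)) return -1;
    int rc = active_ops->inode_permission(&f, mask);
    free(f.f_security);
    return rc;
}

int main(void) {
    printf("no module:  write -> %d\n", check_access("/etc/passwd", MAY_WRITE));
    register_toy_module();
    printf("toy module: write -> %d\n", check_access("/etc/passwd", MAY_WRITE));
    return 0;
}
```

The same call site gives a different answer once a module is registered, which is the point of the overview slide: the framework supplies the field and the call, and the module supplies the decision.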

6 SELinux Overview SELinux implements the Flask architecture. It is implemented in the Linux kernel using the LSM (Linux Security Modules) framework. To support fine-grained access control, SELinux implements two technologies: Type Enforcement (TE) and Role-based Access Control (RBAC).

7 Flask Architecture: WHO is doing WHAT

8 Type Enforcement & Domain Transition Domain: a domain defines what a process can do. Type: a type is assigned to an object and determines who gets to access that object. Domain transition: when a process invokes another process. Type enforcement: when an object is accessed.

9 Role-Based Access Control Roles are associated with the domains that a user role can access. If a role is not authorized to enter a domain, then entry is denied.


