JENNIS SHRESTHA CSC 345 April 22, 2014. Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.


JENNIS SHRESTHA CSC 345 April 22, 2014

Contents
- Introduction
- History
- Flux Advanced Security Kernel
- Mandatory Access Control Policies
- MAC Vs DAC
- Features
- Distribution
- Conclusion

Introduction
- Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides the mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls (MAC).
- Implements the Flux Advanced Security Kernel (FLASK) architecture to bring MAC into use in Linux.

History
- Original primary developer: the United States National Security Agency
- First version released on Dec 22, 2000
- Significant contributors: Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology and Trusted Computer Solutions

Flux Advanced Security Kernel
- Developed for the Mach microkernel by NSA, the University of Utah and Secure Computing Corporation.
- Operating system security architecture that provides flexible support for security policies.
- Open Solaris FMAC, TrustedBSD, NSA's SE Linux.

FLASK Mechanism
- Provides flexibility and coordinates subsystems
- Makes security decisions
- Evaluates requirements to take decisions
- Monitors decisions over time

FLASK Mechanism
- Architecture provides interfaces for retrieving access, labeling and polyinstantiation decisions.
- The Access Vector Cache (AVC) module allows an object manager to cache access decisions to minimize overhead time.
- Architecture allows object managers to register for changes to security policies.

Mandatory Access Control Policies
- Administrator can control and define users' access to resources.
- Users cannot modify or change the permissions and access rights.
- Can be used to protect network, block ports and sockets.

MAC Mechanism

MAC Vs DAC

- In DAC, security policies enforced can be easily overridden.
- Depends on ownership of the object and subject identity.
- Many hacking issues.

Features
- Enforces clean separation of policy
- Independent of specific security label formats and contents
- Increased efficiency because of caching of access decisions
- Initialization, inheritance and program execution can be controlled
- File systems, directories, files, and open file description can be controlled

Distribution
- Fedora Core 2
- Debian
- Gentoo
- SuSE
- SE-BSD
- SE-MACH

Conclusion
- More secure operating system
- Helps administrators control resource access
- Open source allows the system to improve rapidly.
- Digitized materials are in safe hands.
