Secure Operating Systems

Presentation transcript:

Secure Operating Systems Lesson D: SELinux

Where are we?
- We just studied Linux security features… but it appears we can go one better: SELinux

SELinux: History
- Developed by the NSA, and open sourced in 2000
- Basically, it’s not as exciting as it sounds – leverages LSM to provide for MAC

Linux Security Modules
- If you were designing changes to the Linux kernel to support security, what design paradigm would you pick and why?
- Pluggable modules – double edged
  - Great for adding flexible security
  - Horrible, as they allow rootkits easy access to the kernel

Components
- The SELinux Reference Monitor
- Trusted services for administration
- General trusted services

The Reference Monitor
- Doesn’t just apply to users and files – can include sockets etc.
- Uses LSM hooks to determine authorization
- Example: file access
  - Kernel decides based on inode (ultimately)
- Subject, object, operation model (who, where, what, kind of…)

Context/relationship
- User
  - Role 1: Context A, Context B, Context C
  - Role 2: Context D, Context E

Type Enforcement
- The combination of TE and MLS is powerful in SELinux…
- Rule: allow <subject> <object>: <obj class> <ops>
- Rule: allow user_t bin_t : file {execute getattr};
- Means: a process with a domain of user_t can execute and get the attributes of a file with a type of bin_t
- SELinux is a default-deny environment
- TE is VERY powerful… perhaps we should do a class on it?

Labels
- All of the above relies on labels (like user_t)
- Can define for files based on location
- Labels inherited from parents (i.e. file gets label from parent directory)
- Can create rules that override default labeling using type_transition rules

SELinux – Transition state
- Can change label at execution time
- Better than setuid:
  - Transition to a specified label not a whole user (e.g. setuid root)
  - Limits who/what can execute our transition (anyone can call a setuid root program, not true for SELinux)
- Reminiscent of Multics (hello Hilary) ring bracketing but much finer grained
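
Added example (not part of the original slides): a simplified Python model of the Type Enforcement, Labels and Transition slides, showing default deny and why a domain transition is narrower than setuid. It goes slightly beyond the slides by checking the three grants SELinux requires for a transition (process transition, file execute, file entrypoint). The passwd_t, passwd_exec_t and shadow_t rules are a constructed sample policy, and the model omits the execute_no_trans check real SELinux applies when no transition occurs.

```python
import re

# Constructed sample policy in the slide's rule syntax (not a real system policy).
POLICY = """
allow user_t bin_t : file { execute getattr };
allow user_t passwd_exec_t : file { execute getattr };
allow passwd_t passwd_exec_t : file { entrypoint };
allow user_t passwd_t : process { transition };
allow passwd_t shadow_t : file { read write getattr };
type_transition user_t passwd_exec_t : process passwd_t;
"""

ALLOW_RE = re.compile(r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{([^}]*)\}\s*;")
TRANS_RE = re.compile(r"\btype_transition\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\w+)\s*;")

def load_policy(text):
    """Parse allow and type_transition rules into two lookup tables."""
    allow, trans = {}, {}
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        allow.setdefault((src, tgt, cls), set()).update(perms.split())
    for src, tgt, cls, new in TRANS_RE.findall(text):
        trans[(src, tgt, cls)] = new
    return allow, trans

def allowed(allow, src, tgt, cls, perm):
    """Default deny: granted only if some allow rule lists the permission."""
    return perm in allow.get((src, tgt, cls), set())

def domain_after_exec(policy, domain, file_type):
    """Return the domain a process runs in after exec, or None if exec is denied."""
    allow, trans = policy
    if not allowed(allow, domain, file_type, "file", "execute"):
        return None  # caller may not execute this file type at all
    new = trans.get((domain, file_type, "process"))
    if new is None:
        return domain  # no type_transition rule: stay in the caller's domain
    # The type_transition rule only names the default target domain;
    # the transition itself must also be allowed on both sides.
    ok = (allowed(allow, domain, new, "process", "transition")
          and allowed(allow, new, file_type, "file", "entrypoint"))
    return new if ok else None
```

Unlike a setuid root binary, only domains with the transition grant can enter passwd_t, and passwd_t itself gets only the shadow_t access listed in the policy.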

Administration
- Yow… as you can imagine, this can be gnarly
- Can enforce least privilege for services – very handy!
- Typically, you don’t do this yourself; there are plenty of books on this topic!
- What happens to “root” under SELinux?

SELinux Trusted Programs
- Some applications – like X server – need to be customized to work in SELinux properly.
- Of course, there’s a bunch of trusted programs too (like passwd or init)

Verification?
- Complete Mediation? Tamperproof? Verifiable?
- Yes! Designed to mediate all access according to TE etc.
- Should mitigate TOCTOU
- Tamperproof? Modules run in Ring 0 (huh… didn’t we talk about this?)
- Verifiable? Kind of

Things to Do
- Take a look at “Securing Android-Powered Mobile Devices Using SELinux”
- Easy read, lots of good information!

Questions & Comments
- What do you want to know?