Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK 74104.

Published byShawn Holt Modified over 8 years ago

Similar presentations

Presentation on theme: "Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK 74104."— Presentation transcript:

1 Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK 74104

2 Overview History Goals Mandatory Access Controls/Flask Other Features/Default Policy Settings Future of SELinux

3 About SELinux Not an actual distribution of Linux A set of Linux Security Modules (LSM) that are integrated into the Linux kernel Streamlines software responsible for security policy enforcement Supports DoD’s Orange Book requirements for evaluation classes needing a Trusted Computer Base (B3, A1)

4 History Originally developed by the NSA’s National Information Assurance Research Laboratory in conjunction with Secure Computing Corporation (SCC) Released to the Open Source community in December 2000 (http://www.selinuxproject.org/)http://www.selinuxproject.org/ Integrated into version 2.6 of the Linux kernel in 2003

5 Goals Enforce the separation of information based on confidentiality and integrity requirements to provide system security Confine damage caused by malicious or flawed applications

6 SELinux Basics Mandatory Access Controls (MAC) allow administrators to define how applications and users can access different resources (files, devices, networks, IPC) User can be differentiated from the applications they run Ex. - A user’s shell may be able to do anything within his home directory, but a mail client run by that user may be prevented from accessing certain resources within the home directory

7 SELinux Basics Type Enforcement All files, processes, network resources, etc. are given a “type” Ex – files in a home directory could be given type user_home_t. The MAC will treat all files with this type the same way based on the security policies. Running applications are also given types and are associated with a domain Ex – Firefox – firefox_t Controls what types can access what resource labels Types for new objects (files) are based on the domain of the creating process and the process’ label Sample policy: allow firefox_t user_home_t : file (read write); This allows the user’s firefox browser to read and write files to the user’s home directory.

8 Mandatory Access Controls The OS controls the ability of a subject (user, program, etc.) to perform operations on objects (files, directories, ports, memory segments, etc.) Need for: Systems can be easily compromised by exploitable bugs in programs Discretionary Access Control systems don’t take buggy software into consideration

9 Mandatory Access Controls

10 Flask: Flux Advanced Security Kernel Based on MAC architecture Defines what objects should be available and not how they should be implemented Supports “user friendly” security policies (easy to understand syntax) Separates policy from enforcement Contains a Security Server and Object Managers

11

12 Other Features Policy controls Clean separation of policy from enforcement Well-defined policy interfaces Support for applications querying the policy and enforcing access control (for example, crond running jobs in the correct context) Independent of specific policies and policy languages Support for policy changes Very flexible policy

13 Other Features Independent of specific security label formats and contents Individual labels and controls for kernel objects and services Caching of access decisions for efficiency Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security) Controls over process initialization and inheritance and program execution Controls over file systems, directories, files, and open file descriptors Controls over sockets, messages, and network interfaces

14 Default Security Policy 1.Control raw access to data Defines types for kernel memory devices, disk devices, etc. Define separate domains for processes that require access to above types 2.Protect the integrity of the kernel Define types for boot files, module object files, module utilities, and module configuration files Defines separate domains for applications requiring write access to the files

15 Default Security Policy 3.Protect integrity of system software, system configuration info, and system logs Only administrators can modify system software Defines separate types for system configuration files and system logs 4.Confine potential damage from the exploitation of a privileged process Privileged system processes are placed in a separate domain Each domain is limited to only the privileges it requires

16 Default Security Policy 5.Protect privileged processes from executing malicious code An executable type is defined for each program. Transitions can only be made to the privileged domain by privileged executable typed programs. 6.Prevent the administrator role and domain from being entered without proper authentication Administrator role and domain can only be entered via the login program newrole program added to permit administrator remote login

17 Default Security Policy 7.Prevent regular user processes from interfering with system or administrator processes Only certain processes and administrators can access procfs entries for other domains Files created in shared directories (/tmp) are separately typed based on domain 8.Protect users and admins from the exploitation of browser flaws The browser is placed in a separate domain with limited permissions Users can allow the browser read or write access to local files

18 Is SELinux Enabled? Command sestatus Enforcing = System is protected by SELinux Permissive = SELinux is enabled but not currently protecting the system Disabled = SELinux is completely disabled

19 Implementations SELinux is currently integrated into the following: Linux kernel 2.6 series Solaris Darwin kernel

20 Future of SELinux NSA has not made any major updates since Sept. 2008. Control of the project has passed to the SELinux Project group. Goals: Integrate SELinux awareness into other userspace object managers Modify other applications to better leverage SELinux Enhance policy tools and infrastructure Enhance the SELinux reference policy Enhance device labeling Enhance revocation support Develop flexible trusted path mechanism Improve network scalability and performance Improve baseline performance Develop framework and controls for driver-specific operations Develop support for polyinstantiated ports

21 Similar Systems/Approaches AppArmor (created by Novell Inc.) Virtualization as a means of isolating processes

22 Sources “Discretionary Access Control vs. Mandatory Access Control”. http://www.cs.purdue.edu/homes/ninghui/courses/426_ Fall07/handouts/426_Fall07_lect12.pdf http://www.cs.purdue.edu/homes/ninghui/courses/426_ Fall07/handouts/426_Fall07_lect12.pdf “Fig.2 Discretionary and mandatory access controls diagrams”. http://www.flickr.com/photos/redhatmagazine/4819290 76/. http://www.flickr.com/photos/redhatmagazine/4819290 76/ “Security-Enhanced Linux”. http://www.nsa.gov/research/selinux/index.shtml. http://www.nsa.gov/research/selinux/index.shtml “SELinux Project Wiki”. http://selinuxproject.org.http://selinuxproject.org

23 Questions?

Download ppt "Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK 74104."

Similar presentations

Operating-System Structures

Operating-System Structures
Operating System Security

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
JENNIS SHRESTHA CSC 345 April 22, 2014. Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
By: Arpit Pandey SELINUX (SECURITY-ENHANCED LINUX)

By: Arpit Pandey SELINUX (SECURITY-ENHANCED LINUX)
1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.

1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.
Chapter 9 Building a Secure Operating System for Linux.

Chapter 9 Building a Secure Operating System for Linux.
SELinux (Security Enhanced Linux) By: Corey McClurg.

SELinux (Security Enhanced Linux) By: Corey McClurg.
Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.

Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Chapter 2: Operating-System Structures Modified from the text book.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Chapter 2: Operating-System Structures Modified from the text book.
SELinux. 2SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM)

SELinux. 2SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM)
Linux Security.

Linux Security.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
What is Unix Prepared by Dr. Bahjat Qazzaz. What is Unix UNIX is a computer operating system. An operating system is the program that – controls all the.

What is Unix Prepared by Dr. Bahjat Qazzaz. What is Unix UNIX is a computer operating system. An operating system is the program that – controls all the.
Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.
Computer Security & OS Lab. DKU May 26 Younsik Jeong Ph.D. Student.

Computer Security & OS Lab. DKU May 26 Younsik Jeong Ph.D. Student.
Secure Operating Systems

Secure Operating Systems

Similar presentations

Ads by Google