Download presentation
Presentation is loading. Please wait.
1
10/2/2016 Secure Virtualization Using SELinux Daniel J Walsh dwalsh@redhat.com
2
Red Hat Summit 2009 | Daniel J Walsh 2 Virtualization Dream SAN KVM Individual Servers/Desktops Consolidated Servers/Desktops Consolidated Storage Individual Storage
3
Red Hat Summit 2009 | Daniel J Walsh 3 Host Kernel User Space Web App host Kernel User Space DNS Server Before Virtualization
4
Red Hat Summit 2009 | Daniel J Walsh 4 After Virtualization Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space Web App Guest Kernel User Space DNS Server
5
Red Hat Summit 2009 | Daniel J Walsh 5 What could go wrong??? What could go wrong? What could possibly go wrong?
6
Red Hat Summit 2009 | Daniel J Walsh 6 Hypervisor vulnerabilities ● Not theoretical ● Evolving field ● Potentially huge payoffs ● Xen already compromised...
7
Red Hat Summit 2009 | Daniel J Walsh 7 XEN Vulnerability http://www.hacker-soft.net/Soft/Soft_13289.htm The Challenges posed by SELinux are taken into consideration.
8
Red Hat Summit 2009 | Daniel J Walsh 8 Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space Web App Guest Kernel User Space DNS Server Local Exploits
9
Red Hat Summit 2009 | Daniel J Walsh 9 Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space Web App Guest Kernel User Space DNS Server Guest Kernel User Space DNS Server Guest Kernel User Space DNS Server Who is the weakest link?
10
Red Hat Summit 2009 | Daniel J Walsh 10 Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver
11
Red Hat Summit 2009 | Daniel J Walsh 11 Hansel and Gretl?
12
Red Hat Summit 2009 | Daniel J Walsh 12 Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver
13
Red Hat Summit 2009 | Daniel J Walsh 13 Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space We b App Guest Kernel User Space DN S Ser ver Coke Secret Formula
14
Red Hat Summit 2009 | Daniel J Walsh 14 Enter SELinux.. SELinux is all about labeling ● Processes get labels ● Virtual machines are processes!!! ● Files/Devices Get Labels ● Virtual images are stored on files/devices!!!! ● Rules govern how Process Labels Interact with Process/File Labels. ● Kernel Enforces these Rules.
15
Red Hat Summit 2009 | Daniel J Walsh 15 Svirt in a Nutshell Isolate guests using Mandatory Access Control security policy Contain Hypervisor Breaches
16
Red Hat Summit 2009 | Daniel J Walsh 16 Libvirt – Dynamic Labeling ● Generates a Random unused MCS label. ● MCS – Multiple Category Security ● Labels the image file/device - svirt_image_t:MCS1 ● Launches the image - svirt_t:MCS1 ● Labels R/O Content – virt_content_t:s0 ● Labels Shared R/W Content – svirt_t:s0 ● Labels image on completion - virt_image_t:s0
17
Red Hat Summit 2009 | Daniel J Walsh 17 Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space Web App Guest Kernel User Space DNS Server svirt_t:MCS1 svirt_t:MCS2 SELinux svirt_image_t:MCS1svirt_image_t:MCS2
18
Red Hat Summit 2009 | Daniel J Walsh 18 Libvirt – Static Label - MLS Multi-Level Security ● Administrator must specify image label svirt_t:TopSecret ● Launches the image - svirt_t:TopSecret ● Libvirt will NOT label any content. Administrator responsible for labeling content.
19
Red Hat Summit 2009 | Daniel J Walsh 19 Virt Manager
20
Red Hat Summit 2009 | Daniel J Walsh 20 Host Hardware memory/storage, etc. Host Kernel Guest Kernel User Space Web App Guest Kernel User Space DNS Server svirt_t:TopSecret svirt_t:Unclassified SELinux svirt_image_t:TopSecretsvirt_image_t:Unclassified
21
Red Hat Summit 2009 | Daniel J Walsh 21 DEMO
22
Red Hat Summit 2009 | Daniel J Walsh 22 Future Enhancements ● Different Types for confined guest ● svirt_web_t – type ● only allow a guest virtual machine to listen on web ports ● Confine a Windows 2003 box to only run as a ISS server ● If corrupted it could not become a Spam Bot.
23
Red Hat Summit 2009 | Daniel J Walsh 23 sVirt Project Page ● http://selinuxproject.org/page/SVirt
Similar presentations
