Presentation is loading. Please wait.

Presentation is loading. Please wait.

NSA Security-Enhanced Linux (SELinux)

Similar presentations


Presentation on theme: "NSA Security-Enhanced Linux (SELinux)"— Presentation transcript:

1 NSA Security-Enhanced Linux (SELinux)
Grant M. Wagner Information Assurance Research Group National Security Agency

2 The Need for Secure OS Increasing risk to valuable information
Wide variety of application space security solutions Dependence on OS protection mechanisms Inadequacy of mainstream operating systems Discretionary access controls can't do the job Key missing feature: Mandatory Access Control (MAC) Administratively-set security policy Control over all processes and objects Decisions based on all security-relevant information

3 What can MAC offer? Strong separation of security domains
Separate data based on confidentiality/integrity/purpose System, application, and data integrity Protect against unauthorized modifications Prevent ill-formed modifications Ability to limit program privileges Safely run code of uncertain trustworthiness Prevent exploit of flaw in program from escalating privilege Limit each program to only what is required for its purpose

4 What can MAC offer? Processing pipeline guarantees
Ensure that data is processed as required Split processing into small, minimally trusted stages Encryption, sanitization, virus scanning Authorization limits for legitimate users Decompose administrator role Partition users into classes based on position, clearance, etc.

5 SELinux provides Flexible MAC
Flexible comprehensive mandatory access controls for Linux implemented as a Linux security module Building on 12 years of NSA’s OS Security research Application of NSA’s Flask security architecture Cleanly separates policy from enforcement using well-defined policy interfaces Allows users to express policies naturally and supports changes Comprehensive fine-grained controls over kernel services Transparent to applications and users Role-Based Access Control, Type Enforcement, optional Multi-Level Security, easily extensible to other models Highly configurable (example configuration provided)

6 SELinux Security Impact
Limits damage from virus/trojan horse infection Can inhibit virus propagation Eliminates most privilege elevation attacks Constrains damage from undiscovered exploits Servers need not be granted admin privileges Reduces need for immediate security patching Reduces dependence on all-powerful admin Critical services and data can be isolated Allows control over user actions

7 SELinux Research Success
SELinux developed at NSA as research prototype Public release in Dec 2000 w/regular updates since Currently included as security module in 2.6 Kernels Continues to be excellent platform for security research

8 SELinux Acceptance SELinux was released as a reference implementation
Direct benefit to Linux Other OS groups incorporating technology Direct User benefit Meeting real security needs Growing user/developer community is contributing back Open Source can be powerful technology transfer tool

9 Interest in SELinux Corporate
Used or being used considered for use in products/solutions Wide variety of industries including OEMs, ISPs, Defense, Telecommunications, SCADA systems, PDAs and other consumer electronics Linux Distributors accepting technology Red Hat/Debian/Gentoo/Others??? SELinux deployments Corporate, government, universities

10 Research Direction Further user space integration
Complete integration into networked environment Integrate with 2.6 IPSEC and NFSv4 implementations Security-Enhanced X Windows Policy specification and analysis tools Policy management service Platform for application security mechanisms

11 Want to learn more? Available at: http://www.nsa.gov/selinux
Mailing list: Send 'subscribe selinux' to


Download ppt "NSA Security-Enhanced Linux (SELinux)"

Similar presentations


Ads by Google