Published by Koby Thornbrugh. Modified over 9 years ago.
1
The Simplified Mandatory Access Control Kernel
Casey Schaufler January 2008
2
Casey Schaufler
Ported Unix Version 6 to 32bit
Started Development of TSOL
Architect of Trusted Irix
B1, CAPP, LSPP evaluated
US NSA’s Trusix Group
POSIX P1003.1e/2c
TSIG
3
Today’s Talk
Mandatory Access Control (MAC)
What MAC is good for
How Smack implements MAC
What Smack is good for
Details of Smack
4
Mandatory Access Control
Concepts
Subject is an active entity
Object is a passive entity
Access is an operation performed on an object by a subject
5
Mandatory Access Control
Principles
User has no say in it
Based on system controlled attributes
6
Mandatory Access Control
Jargon
MAC
Label
Bell & LaPadula
Multilevel Security
CIPSO
7
Mandatory Access Control
8
MAC Implementations
Bell & LaPadula Sensitivity: Multics, Unix
Type Enforcement: SELinux
Pathname Controls: AppArmor, TOMOYO
9
Uses of MAC Systems Security Checkbox Sharing an expensive machine
Disjoint sets of users B&L Categories Hierarchical use of shared data B&L Levels
10
Where Did Smack Come From?
Traditionally
Label relationships hard coded
Names map to label values
Mythtory:TopSecret,Skeeve,Ahz,Chumly
Level=4,Categories=17,49,113
Users only use names
Why use anything but names?
11
Smack Label Mechanism
Labels and label names are the same
No implicit relationship between labels
List of explicit access relationships
Every subject gets a label
Every object gets a label
Objects get creating Subject’s label
12
Subjects Access Objects
lstat() reads a file object’s attributes
kill() writes to a process object
send() writes to a process object
bind() is uninteresting
13
System Labels
_ floor
^ hat
* star
Any single special character
Objects Only
[Diagram: labels ^, *, _]
14
User Labels
[Diagram: labels ^, *, SEAsia, Dap, _]
15
Explicit Access Rules
Dap SEAsia r
Med Pop w
[Diagram: labels SEAsia, Dap, Pop, Med]
16
Access Rule Specification
/etc/smack/accesses
Subject Object [-rwxa]
/smack/load
Strict fixed format
/sbin/smackload
Writes to /smack/load
17
Bell & LaPadula Levels
Secret more sensitive than Unclass
TopSecret more sensitive than Secret
Secret Unclass rx
TopSecret Secret rx
TopSecret Unclass rx
All relationships must be specified
18
Bell & LaPadula Categories
Categories Skeeve and Ahz
Labels: “Skeeve,Ahz” “Skeeve” “Ahz”
Skeeve,Ahz Skeeve rx
Skeeve,Ahz Ahz rx
19
Biba Integrity
Floor is highest integrity
Hat is lowest integrity
20
Ring of Vigilance
SEAsia Dap r
Med SEAsia r
Dap Med r
[Diagram: labels SEAsia, Dap, Med]
21
Messaging
Informant Reporter w
Reporter Editor w
Editor Reporter w
22
Time of Day
At 17:00 WorkerBee Game x
At 08:00 WorkerBee Game -
23
Implementation
Label Scheme
Access Checks
File Systems
Networking
The LSM
Audit
24
Label Scheme
Labels are short text strings
Compared for equality
Stored in a list
secid
Optional CIPSO value
Never forgotten
25
Access Checks
Rules written to /smack/load
Hard Coded Labels
Subject and object equal
Find the subject/object pair
Check the request against the rule
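The check order on this slide, modelled in user-space C as an added example (not code from the talk or from the kernel). The rule table reuses the Bell & LaPadula level rules from the earlier slide; the behaviour of the hard-coded `_`, `^` and `*` labels follows the Linux kernel's Smack documentation, which the slides only name, and `smack_model_access` and `covers` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed rule set: the "Subject Object access" level rules from the slides. */
struct rule { const char *subj, *obj, *access; };
static const struct rule rules[] = {
    { "Secret",    "Unclass", "rx" },
    { "TopSecret", "Secret",  "rx" },
    { "TopSecret", "Unclass", "rx" },
};

/* Return 1 if every requested mode letter appears in the granted string. */
static int covers(const char *granted, const char *request)
{
    for (; *request; request++)
        if (!strchr(granted, *request))
            return 0;
    return 1;
}

/* Model of the check order: hard-coded labels, label equality, then the list. */
int smack_model_access(const char *subj, const char *obj, const char *request)
{
    size_t i;

    if (strcmp(subj, "*") == 0)                 /* star subject: always denied */
        return 0;
    if (strcmp(subj, "^") == 0 && covers("rx", request))
        return 1;                               /* hat may read or execute anything */
    if (strcmp(obj, "_") == 0 && covers("rx", request))
        return 1;                               /* floor is readable by everyone */
    if (strcmp(obj, "*") == 0)                  /* star object: always permitted */
        return 1;
    if (strcmp(subj, obj) == 0)                 /* subject and object equal */
        return 1;
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (!strcmp(rules[i].subj, subj) && !strcmp(rules[i].obj, obj))
            return covers(rules[i].access, request);
    return 0;                                   /* no rule for the pair: denied */
}

int main(void)
{
    printf("TopSecret r Unclass: %d\n", smack_model_access("TopSecret", "Unclass", "r"));
    printf("Unclass r Secret:    %d\n", smack_model_access("Unclass", "Secret", "r"));
    return 0;
}
```

Because there is no implicit ordering between labels, removing the `TopSecret Unclass rx` entry makes that read fail even though the other two rules remain, which is what "All relationships must be specified" means in practice.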
26
File Systems
Use xattrs if supported
Hard coded behavior
smackfs, pipefs, sockfs, procfs, devpts
Superblock values
File system root
File system default
File system floor and hat
Not yet implemented
27
Networking Model
Sender writes to receiver
Sender is subject, receiver is object
Socket, packet not policy components
William Janet w
Allows a UDP packet
Janet William r
Does not allow a UDP packet
28
Packet Labeling
Unlabeled packets get ambient label
CIPSO option on every local packet
CIPSO value from the label list
Set via /smack/cipso
CIPSO direct mapping
Level 250
Label copied into category bits
Same CIPSO as SELinux
29
The LSM
Provides a restrictive interface
Evolved in step with SELinux
Imperfectly defined
Networking
Audit
USB
Module Stacking
30
Programming interfaces
getxattr(), setxattr()
SMACK64
/proc/<pid>/attr/current
31
Socket Interfaces
Socket Attributes
fgetxattr(), fsetxattr()
SMACK64.IPIN
SMACK64.IPOUT
Packet Attributes
SO_PEERSEC TCP
SCM_SECURITY UDP
32
Administrative Interfaces
/smack/load
/smack/cipso
/smack/doi
/smack/direct
/smack/nltype
33
What Have You Learned?
Smack is a modern implementation of old school Mandatory Access Control with the mistakes omitted.
Smack is designed for simplicity
Smack is designed as a kernel mechanism
34
Special Thank You
Paul Moore – Network interfaces
Ahmed S. Darwish – Work on smackfs
And a host of reviewers, including Stephen Smalley, Seth Arnold, Joshua Brindle, Al Viro, James Morris, Kyle Moffett, Pavel Machek
35
Contact Information