Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

  • 1,080 views
Uploaded on

Overview of NSA Security Enhanced Linux - FOSS.IN/2005 ...

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

Presentation given in Bangalore, India.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,080
On Slideshare
1,080
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
35
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Overview of NSA Security Enhanced Linux James Morris jmorris@namei.org FOSS.IN/2005 Bangalore, India
  • 2. What is SELinux? ● Fine­grained Mandatory Access Control (MAC) ● Strongly separated domains ● Provides confinement of: ● malicious code ● flawed code ● user error/intention ● Enforces least privilege ● Protects integrity ● Flexible policy
  • 3. Discretionary Access Control (DAC)  ● Traditional Unix security model ● DAC is inadequate: – Decisions only based on user identity and ownership – No protection against malicious or flawed software – Each user has complete discretion over own objects – Only two major categories of users: admin and other – Coarse­grained and too much privilege – Unbounded privilege escalation
  • 4. Mandatory Access Control (MAC) ● “Missing link” of security in general OSs ● Primary features: – Administratively­set security policy – Control over all processes and objects – Decisions based on all security­relevant information
  • 5. MAC Implementation ● Traditionally inflexible, maps poorly to general case ● More than just Multilevel Security (MLS): – Enforce integrity, least privilege ● Generalized MAC via Type Enforcement (TE) ● Transparent to applications ● Decompose administrator role ● Policy flexibility
  • 6. SELinux Framework ● Composition of several security models – Role­Based Access Control (RBAC) – Type Enforcement (TE) – Optional Multilevel Security (MLS) ● Separation of mechanism and policy ● Can support further models as required
  • 7. Type Enforcement (TE) ● Domains for processes, types for objects ● Control access to objects by domains ● Control interactions between domains ● Control entry into domains ● Bind domains to code
  • 8. Types ● Attributes assigned to objects and domains ● Things of the same type are security­equivalent ● Examples: – httpd_t (apache execution domain) – httpd_log_t (apache log files) – httpd_config_t (apache configuration files) – httpd_sys_content_t (web content)
  • 9. Type Enforcement Rules ● TE rules defined in policy ● Include object labeling, and access control rules ● Examples: • allow httpd_t httpd_log_t:file  { create ioctl read getattr lock append }; • allow httpd_t httpd_config_t:file { read getattr lock ioctl }; • allow httpd_t httpd_sys_content_t:file { read getattr lock ioctl };
  • 10. Role Based Access Control (RBAC) ● Roles are attributes assigned to domains, e.g. – sysadm_r – system_r – user_r ● Specifies domains that can be entered by each role ● Specifies roles that are authorized for each user ● Initial domain associated with each user role
  • 11. Current Status ● Merged into upstream kernel during 2.5 series ● Adopted by several distributions ● Targeted policy for network facing services ● Possibly millions of users ● Basic tools
  • 12. Current Development ● MLS for production use ● Certifications: LSPP, RBACPP at EAL4+ ● Multi­category Security (MCS) ● Reference policy ● Modular policy
  • 13. Future Developments & Participation ● Better tools – Policy development and analysis ● High level policy language ● Distributed security management – User management, policy distribution, logging ● Desktop ● Application­level
  • 14. More Future Developments... ● Networked filesystems ● Hardware security (TPM): – Verified boot – Integrity verification – Remote attestation – Trusted path ● Virtualization ● Cryptographic policy
  • 15. Resources ● NSA SELinux Pages http://www.nsa.gov/selinux/ ● SELinux for Distributions http://selinux.sourceforge.net/ ● Mailing Lists (see above) ● IRC: irc.freenode.net #selinux ● SELinux Symposium 2006 (Feb/Mar) http://www.selinux­symposium.org/
  • 16. Acknowledgments ● Much of the source material for these slides was  derived from existing NSA presentations: – http://www.nsa.gov/selinux/info/docs.cfm