0
Directions in SELinux Networking


    Linux Kernel Networking Summit
           Montréal, Canada
               July 2005...
SELinux
●
    SELinux provides fine­grained, flexible MAC.
●
    Subjects and objects are labeled with security 
    conte...
Current Status
●
    SELinux provides broad coverage across the 
    kernel (140 hooks).
●
    All socketcalls are mediate...
Networking Directions
●
    Performance of IP network controls needs to be 
    improved.
●
    Hit by per­packet lookups ...
Netfilter/iptables
●
    Possibly replace existing IP packet controls with 
    Netfilter/iptables integration (selipt).
●...
Distributed MAC
●
    MAC is currently limited to the local machine.
●
    Historically used with Multi­Level Security 
  ...
Leveraging IPsec
●
    Trent Jaeger's implicit labeling work (IBM).
●
    Label SAs instead of packets.
●
    Draws on pre...
Leveraging IPsec II
●
    Hooks into xfrm subsystem.
●
    IPsec policies are labeled: only authorized 
    policies may b...
Leveraging IPsec III
●
    Useful for MLS networking, suitable for LSPP 
    (B1) and beyond.
●
    Not compatible with IP...
Networked Filesystems
●
    NSA developed support for NFSv3.
●
    Future is NFSv4 with named attributes.
●
    SMB desire...
Remote Attestation
●
    Use of TPM and associated hardware to 
    cryptographically verify system from boot.
●
    IBM I...
Cryptographic Policy
●
    SELinux policy could be extended to express 
    more general cryptographic policy.
●
    e.g. ...
Distributed Policy
●
    Mechanism for distributing and synchronizing 
    policy within a security realm may be useful 
 ...
Longer Term
●
    General trend toward increasingly high assurance 
    distributed computing.
●
    Inter­realm communica...
Resources
●
    SELinux Enhanced IPTables
    http://people.redhat.com/jmorris/selinux/selipt/

●
    “Architecture of SEL...
Upcoming SlideShare
Loading in...5
×

Directions in SELinux Networking

533

Published on

Presentation on "Directions in SELinux Networking" given at Netconf 2005 in Montréal.

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
533
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Directions in SELinux Networking"

  1. 1. Directions in SELinux Networking Linux Kernel Networking Summit Montréal, Canada July 2005 James Morris <jmorris@redhat.com>
  2. 2. SELinux ● SELinux provides fine­grained, flexible MAC. ● Subjects and objects are labeled with security  contexts, policy determines interactions. ● Type Enforcement (TE) model provides an  expressive abstraction of security classes and  their interactions.
  3. 3. Current Status ● SELinux provides broad coverage across the  kernel (140 hooks). ● All socketcalls are mediated, provides high level  control over local networking. ● Protocol specific controls for Netlink, Unix, some  IP (name_bind, name_connect, rudimentary  packet filter).
  4. 4. Networking Directions ● Performance of IP network controls needs to be  improved. ● Hit by per­packet lookups for security context of  port and IP addresses. ● IBM did some work on an RCU cache, needs  further investigation. ● May be replacing IP packet hooks anyway.
  5. 5. Netfilter/iptables ● Possibly replace existing IP packet controls with  Netfilter/iptables integration (selipt). ● More flexible & expressive, makes use of  conntrack, matches, targets etc. ● Need receiving socket: current code uses  ipt_owner patch. ● Better to use socket hook work from Patrick  McHardy.
  6. 6. Distributed MAC ● MAC is currently limited to the local machine. ● Historically used with Multi­Level Security  (MLS). ● Typically, each packet is labeled via IP options  (CIPSO, FIPS­188). ● Selopt implemented, dropped for upstream  merge.
  7. 7. Leveraging IPsec ● Trent Jaeger's implicit labeling work (IBM). ● Label SAs instead of packets. ● Draws on previous Flask work. ● Not MLS or even SELinux specific. ● Utilizes IPsec services: confidentiality;  authentication; negotiation; automation.
  8. 8. Leveraging IPsec II ● Hooks into xfrm subsystem. ● IPsec policies are labeled: only authorized  policies may be used, controlled via SELinux. ● SA labels must match (existing SA or triggered  negotiation with IKE). ● Matching packets considered labeled. ● Policy for unlabeled packets (e.g. ISAKMP).
  9. 9. Leveraging IPsec III ● Useful for MLS networking, suitable for LSPP  (B1) and beyond. ● Not compatible with IP options schemes. ● More generally useful for extending SELinux  across the network. ● Control communication between processes on  different systems.
  10. 10. Networked Filesystems ● NSA developed support for NFSv3. ● Future is NFSv4 with named attributes. ● SMB desired by some parties. ● Cluster Filesystems (some OCFS2 work).
  11. 11. Remote Attestation ● Use of TPM and associated hardware to  cryptographically verify system from boot. ● IBM Integrity Measurement Architecture (IMA). ● Requires protocol which queries TPM with  nonce; TPM signs measurement list and nonce. ● SELinux policy could be used to require that the  remote system is attested before some other  communication.
  12. 12. Cryptographic Policy ● SELinux policy could be extended to express  more general cryptographic policy. ● e.g. foo_t file must be stored with X encryption,  and only transmitted by local admin_t to remote  admin_t on trusted hosts with Y encryption and Z  authentication on the wire. ● May also require use of specific crypto device or  software.
  13. 13. Distributed Policy ● Mechanism for distributing and synchronizing  policy within a security realm may be useful  when using distributed MAC.
  14. 14. Longer Term ● General trend toward increasingly high assurance  distributed computing. ● Inter­realm communication.  Establishing trust  between different “domains of interpretation” is  very difficult. ● SE aware firewalling, complicated by Ipsec.
  15. 15. Resources ● SELinux Enhanced IPTables http://people.redhat.com/jmorris/selinux/selipt/ ● “Architecture of SELinux Network Access Controls” http://www.selinux­symposium.org/2005/presentations/session2/2­2­morris.pdf ● “Leveraging IPSec for network access control for SELinux” http://www.selinux­symposium.org/2005/presentations/session2/2­3­jaeger.pdf ● Full IBM research report on the above (and more generalized). Not yet published ● Ajaya Chitturi's Flask Thesis http://www.cs.utah.edu/flux/papers/ajay­thesis­abs.html
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×