SlideShare a Scribd company logo

LAPP/SELinux - A secure web application stack using SE-PostgreSQL

Kohei KaiGai
Kohei KaiGai

slides on PGcon2010

Technology
1 of 46
Download to read offline
LAPP/SELinux A secure web application stack using SE-PostgreSQL KaiGai Kohei <kaigai@ak.jp.nec.com> NEC OSS Promotion Center
Self Introduction ▐ SELECT * FROM pg_developers WHERE name = 'KaiGai' Job NEC OSS Promotion Center, for 7 years Contributions • SMP Scalability Improvement of SELinux • Lead project to port SELinux into embedded platform • Development of SE-PostgreSQL • Access control support of large object, and so on... Interest Web system's security KaiGai lives here KaiGai lives here KaiGai is here KaiGai is here Page 2 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
Security nightmare in web systems (Reference: JSOC analysis report of the incursion trend, vol.12, vol.14, LAC) ▐ Rapid increasing of attacks to web systems ▐ More threats from Internals, rather than Externals What technology can improve the situation? Page 4 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
LAPP - A typical web application stack ▐ LAPP An information asset in An information asset in Linux, Apache, PostgreSQL, PHP/Perl DB being invisible might be DB being invisible might be visible in Filesystem visible in Filesystem ▐ Concerns in security Each layer has its own security mechanism Web-users are not mapped to users in OS/DB Application's PHP/Perl OS/DB layer could not distingiush OS/DB layer could not distingiush own checks (web applications) actual users, so all the security actual users, so all the security HTTP auth & Apache/httpd burdens are pushed to web-app's burdens are pushed to web-app's .htaccess (web server) Database PostgreSQL ACLs (Database server) Filesystem Linux permissions (Operating system) Page 5 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Lack of conductor Page 6 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
LAPP/SELinux - concept ▐ SELinux performs as conductor System-wide privileges are assigned to all the users DB controls accesses based on the centralized policy It ensures least-privilege and consistency in access control. Application's PHP/Perl own checks (web applications) HTTP auth & Apache/httpd SELinux .htaccess (web server) centralized Database PostgreSQL in the system ACLs (Database server) Filesystem Linux Security permissions (Operating system) policy Page 7 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Perspective from the model (1/2) Info asset System Filesystem SELinux permission checks Filesystem call security OS(Linux) policy Info asset Database SE-PgSQL SQL ACLs checks Database RDBMS (PostgreSQL) User Process Request Access Control Resources Object Manager ▐ Analogy between OS/DB Differences in the way to store and access information assets System-call for Filesystem, SQL for Database ▐ Role of access control It decides whats are allowed or disallowed between users and resources, and controls the given requests based on the decision. Same basis (security policy) ensures system-wide consistency. Page 8 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Perspective from the model (2/2) privileges System and sshd comm Call Filesystem shell Shell process HTTP privileges reque st SQL httpd Database WebApp Instance Authentication User(Human) Request(1st) & Authorization User Agent Request(2nd) Resources ▐ Analogy between shell and web User is a human; An user-agent performs instead of himself. User-agent must have correct privileges reflecting the actual human. ▐ Role of authentication & anthorization It identifies the human connected, and assigns their privileges. • sshd assignes user/group-id on the login shell before the execution. • Apache does not change privileges of the web-application instance. Page 9 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
LAPP/SELinux - components ▐ SE-PostgreSQL A built-in enhancement of PostgreSQL Additional permission checks on the given queries according to the decision of SELinux It ensures consistency in access controls ▐ Apache/SELinux Plus A loadable module of the Apache/httpd 2.2.x It assignes a security context of the contents handler based on http authentication. It ensures least-privilege in access control; with utilization of OS/DB Page 10 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
Architecture of SE-PostgreSQL DB objects are DB objects are Query labeled with labeled with User Process Processor Database security context security context Query Question Database ACLs Question Security SE-PostgreSQL policy Security Providers PostgreSQL Answer Answer SELinux ▐ Security Providers Common entrypoints of access control features; like database ACLs. SE-PostgreSQL shall be an optional security provider. ▐ SE-PostgreSQL It tells SELinux whether the given query is allowed to run; (Need to deliver a pair of security context of the client and objects) SELinux returns its decision, then SE-PostgreSQL raises an error if access violation. Page 12 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Decision making in access controls UserId/GroupId of the user process Linux Decision Permission Bits of the target files (Filesystem) (Allowed or Denied) Input Output Required permissions (r,w,x) ▐ SELinux performs like a function It returns its decision for the given arguments. Kernel internally gives them to SELinux, and follows its decision. Userspace application can also utilize the mechanism, as long as it can provide pair of the security context. ▐ Security context A SELinux specified identifier of processes and any other objects. Example) system_u:system_r:httpd_t:s0 system_u:object_r:postgresql_db_t:s0 Page 13 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Decision making in access controls UserId/GroupId of the user process Security context of the user agent Security Linux Security context of the target object Permission Bits of the target files Policy Decision (Filesystem) (Allowed or Denied) Input Output Required permissions (r,w,x) Required permissions SELinux ▐ SELinux performs like a function It returns its decision for the given arguments. Kernel internally gives them to SELinux, and follows its decision. Userspace application can also utilize the mechanism, as long as it can provide pair of the security context. ▐ Security context A SELinux specified identifier of processes and any other objects. Example) system_u:system_r:httpd_t:s0 system_u:object_r:postgresql_db_t:s0 Page 14 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Security context of the client process Is ititallowed to read? Is allowed to read? TCP/IP, Unclassified Classified -> Unclassified Classified -> Unclassified UNIX socket SE-PgSQL accept(2) Classified Policy sockfd getpeercon(3) Classified PostgreSQL SELinux Client Process Yes, allowed Yes, allowed ▐ Labeled networks SELinux provides an API to obtain security context of the peer process. int getpeercon(int sockfd, security_context_t *con); IPsec daemon exchanges the security context of peers prior to open the connection. Static fallback security context for non-SELinux'ed clients. It allows to identify the client process using security context. Page 15 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Security context of the database objects postgres=> SELECT security_label, * FROM drink; security_label | id | name | price -----------------------------------------+----+--------+------- system_u:object_r:sepgsql_table_t:s0 | 1 | water | 110 system_u:object_r:sepgsql_table_t:s0 | 2 | tea | 130 system_u:object_r:sepgsql_table_t:s0:c0 | 3 | coke | 130 system_u:object_r:sepgsql_table_t:s0:c1 | 4 | coffee | 180 (4 rows) ▐ "security_label" system column It represents the security context of tuples. The tuple of pg_class shows properties of table, so it means the security context of the table, for example. ▐ Default security context On insertion, the default one shall be assigned based on the policy. User can also provide an explicit one, instead of the default. Page 16 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Usage of SE-PostgreSQL (1/2) postgres=# CREATE TABLE customer (id integer primary key, name text, credit text); postgres=# ALTER TABLE customer ALTER credit SECURITY LABEL TO 'system_u:object_r:sepgsql_secret_table_t:s0'; postgres=# INSERT INTO customer VALUES (1, 'kaigai', '1111-2222-3333-4444'); postgres=# SELECT * FROM customer; LOG: SELinux: denied { select } ¥ scontext=staff_u:staff_r:staff_t:s0 ¥ tcontext=system_u:object_r:sepgsql_secret_table_t:s0 ¥ tclass=db_column name=customer.credit ERROR: SELinux: security policy violation postgres=# SELECT id, name FROM customer; id | name ----+-------- Client was not allowed to select Client was not allowed to select from the column labeled as from the column labeled as 1 | kaigai sepgsql_secret_table_t (1 row) sepgsql_secret_table_t Page 17 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Usage of SE-PostgreSQL (2/2) postgres=# SELECT security_label, * FROM; security_label | id | name | price ---------------------------------------------------+----+--------+------- system_u:object_r:sepgsql_table_t:Unclassified | 1 | water | 100 system_u:object_r:sepgsql_table_t:Classified | 2 | coke | 120 system_u:object_r:sepgsql_ro_table_t:Classified | 3 | juice | 140 system_u:object_r:sepgsql_ro_table_t:Unclassified | 4 | coffee | 180 staff_u:object_r:sepgsql_table_t:Unclassified | 5 | beer | 240 ▐ On SELECT All the tuples are visible for Classified user, but Classified tuples are not visible Unclassified user. ▐ On UPDATE/DELETE Also, Classified tuples are updatable/deletable by Classified users. And, Read-only tuples are not updatable by confined users. ▐ On INSERT A default security context shall be assigned on the new tuple, and checks privilege to insert it. Page 18 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
System-wide consistency in access controls Classified User Login Process Consistent Consistent access controls access controls Security Inter-process Inter-process Policy Info Info communication communication SELinux Filesystem Networks IPC Objects Database channels channels Login User Least-privilege Least-privilege Process Unclassified ▐ SELinux provides its access control decision for ANY subsystems Linux kernel enforces the decision on accesses to filesystem objects, and etc... SE-PostgreSQL enforces the decision on accesses to database objects. Eventually, the centralized security policy controls all the accesses Page 19 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Performance - SE-PostgreSQL comparison of pgbench results PostgreSQL v8.4.1 SE-PostgreSQL v8.4.1 450 400 350 transaction per second 300 250 200 150 100 50 0 20 40 60 80 100 120 140 160 180 200 database size (scaling factor) ▐ 2~4% of trade-off in performance userspace AVC minimizes the number of kernel invocations ▐ Environments CPU Xeon (2.33GHz) Dual, Mem: 2GB (shared_buffer=512m) measured by pgbench -c 2 -t 200000 Page 20 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
Who's privileges should be checked? privilege access privilege control HTTP Request Filesystem access Clients HTTP Authentication Web Application HTTP Authentication control Database ▐ Authentication, but no authorization Apache can check client's Web-ID/PASS (BASIC or DIGEST). 403 Error, or Apache launches web-application handlers. ▐ Problem Web-application performs with identical privilege of daemon process. It means OS/RDBMS cannot distinguish individual web-users. Web-applications have to work always correctly? It means web-applications have to be bugs/vulnerabilities free? Page 22 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Web users Page 23 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Not web-users [kaigai@saba ~]$ ps -C httpd -o label,pid,user,group,comm LABEL PID USER GROUP COMMAND system_u:system_r:httpd_t:s0 25132 root root httpd system_u:system_r:httpd_t:s0 25136 apache apache httpd system_u:system_r:httpd_t:s0 25137 apache apache httpd system_u:system_r:httpd_t:s0 25138 apache apache httpd system_u:system_r:httpd_t:s0 25139 apache apache httpd system_u:system_r:httpd_t:s0 25140 apache apache httpd system_u:system_r:httpd_t:s0 25141 apache apache httpd system_u:system_r:httpd_t:s0 25142 apache apache httpd system_u:system_r:httpd_t:s0 25143 apache apache httpd system_u:system_r:httpd_t:s0 25144 apache apache httpd Security context of the httpd daemon UNIX Uid/Gid of the httpd daemon used to access controls in SELinux used to discretionary access controls Page 24 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Apache/SELinux Plus authorized privileges authorized privileges privilege access control privilege HTTP Request Filesystem access control mod_selinux.so module Web Application mod_selinux.so module Database ▐ Terms Authentication is a function of identifying the connected user. Authorization is a function of assigning the rights to resources. ▐ Apache/SELinux Plus (mod_selinux.so) It assigns a corresponding security context based on HTTP authentication prior to web-application launches. It enables to confine web-application's accesses. Unlike UNIX, no root capabilities are needed to change privileges. Page 25 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
System-image (1/2) : Per web-user separation Privileges reflecting to the web-user Privileges reflecting to the web-user Manager Employee Authentication Authentication & Authorization & Authorization Prevent violated accesses, Prevent violated accesses, even ififweb-app was bugged. even web-app was bugged. Other division Database Page 26 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
System image (2/2) : Per virtual host separation ▐ SELinux performs as a logical-wall Filesystem separating system resources. ▐ Using Multi-Category policy red Database http://www.red.com/ Filesystem http://www.blue.com/ http://www.green.com/ Database blue Logical wall: Logical wall: SELinux prevent accesses to any objects SELinux prevent accesses to any objects Filesystem accross the categories. accross the categories. green Web-app handles of Web-app handles of Database the "green" virtual host the "green" virtual host Page 27 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Performance - Apache/SELinux Plus $$ab -c 88-t 60 -A <user:password> <URL> ab -c -t 60 -A <user:password> <URL> 700 CPU: Pentium4 3.20GHz, Apache: 2.2.13-2.fc12 CPU: Pentium4 3.20GHz, Apache: 2.2.13-2.fc12 600 TEST1) Regular HTML file TEST1) Regular HTML file # of requests per second TEST2) PHP Script TEST2) PHP Script 500 TEST3) PHP Script with DB connection TEST3) PHP Script with DB connection 400 TEST4) CGI Program TEST4) CGI Program 300 200 100 0 .html file .php script .php with DBconn .cgi program Apache (normal) Apache/SELinux Plus ▐ The cost to assign privileges is relatively large in lightweight request. ▐ Less differences in our major target (Web+DB applications) Other steps obscures the cost to assign privileges. Page 28 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
Demonstration Same web application Same HTTP Request with individual privileges Filesystem Authentication Authentication & Authorization & Authorization Consistent Database access control ▐ Apache/SELinux Plus launches a PHP script with individual privileges. ▐ The PHP script can access both of filesystem and database. Linux applies access controls on filesystems PostgreSQL applies access controls on databases Consistent access controls, although different mechanisms decide it. Page 30 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
Conceptual diagram of LAPP/SELinux Classified Web HTTP Req Application Consistent Consistent access controls access controls Security Inter-process Inter-process Policy Info Info communication communication SELinux Filesystem Networks IPC Objects Database channels channels HTTP Req Web Least-privilege Least-privilege Application Unclassified ▐ SE-PostgreSQL ensures system-wide consistency in access controls. ▐ Apache/SELinux Plus ensures least-privilege on web-applications. LAPP/SELinux provides a secure web-application platform. Page 32 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Idea: Role Based Access Control System Only DDL, Only DDL, DML not allowed DML not allowed SQL with SQL with confined privileges Database confined privileges Administrator Execute Execute internet Backup SE-PostgreSQL System Log pg_dump/pg_restore Administrator customer Log File Page 33 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Logic pg_xxx_aclcheck Logic pg_xxx_aclcheck Logic pg_xxx_ownercheck Logic Main logic of PostgreSQL User data and System catalog Page 34 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Can I access it? Logic pg_xxx_aclcheck pg_xxx_aclcheck check_xxx_create pg_xxx_ownercheck Allowed, Logic Denied Logic Security Providers Logic Main logic of PostgreSQL User data and System catalog Page 35 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Can I access it? Logic pg_xxx_aclcheck pg_xxx_aclcheck check_xxx_create pg_xxx_ownercheck Allowed, Logic Denied Logic Security Providers Logic TopSecret Unclassified Main logic of PostgreSQL User data and System catalog Page 36 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Can I access it? Logic pg_xxx_aclcheck pg_xxx_aclcheck check_xxx_create pg_xxx_ownercheck Allowed, Logic Denied Smack SE-PgSQL Logic Security Providers Logic TopSecret Unclassified Main logic of PostgreSQL User data and System catalog Page 37 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Summary of LAPP/SELinux ▐ Background Web Application's security is Hot issue now. ▐ Key concept Utilize SELinux as conductor of access control ▐ Key components SE-PostgreSQL Apache/SELinux Plus ▐ Road To SE-PostgreSQL being Upstreamed External Security Providers Security Label Support SELinux support; as one of the security providers Here we go! Let's join us on v9.1 development! Page 38 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Any Questions?
Thank you!
Appendix
Management of the security labels ▐ Data format A tuple has its security context as an object identifier (4-bytes). • It minimizes the waste of storage to store security context. • It allows to lookup avc cached without text comparison. pg_seclabel system catalog holds its text representation. HeapTupleHeaderData seclabelTransIn() : User uint16 t_infomask; seclabelTransOut() uint16 t_infomask2; uint16 t_hoff; pg_seclabel system catalog Oid Security Identifier relid secid seclabel 1259 16384 'system_u:object_r:sepgsql_table_t:s0' Oid Object Identifier 1259 16385 'system_u:object_r:sepgsql_ro_table_t:s0' Data containts 1259 16386 'system_u:object_r:sepgsql_sysobj_t:s0' 2615 16408 'system_u:object_r:sepgsql_schema_t:s0' Page 43 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Statement support to manage security context ▐ ALTER xxx SECURITY LABEL TO It allows to change security context of database objects. Use UPDATE statements for tuples within user tables. postgres=> ALTER TABLE t SECURITY LABEL TO 'user_u:object_r:sepgsql_ro_table_t:s0'; ALTER TABLE ▐ ALTER TABLE xxx SET WITH/WITHOUT SECURITY LABEL It allows to strip 'security_label' system column, if not necessary. Reduce row-level control and storage consumption on the table. postgres=> ALTER TABLE t SET WITHOUT SECURITY LABEL; ALTER TABLE postgres=> SELECT security_label, * FROM t; ERROR: column "security_label" does not exist Page 44 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Apache/SELinux Plus configuration (1/2) # Apache/SELinux Plus configuration # --------------------------------- LoadModule selinux_module modules/mod_selinux.so selinuxServerDomain *:s0 <Directory "/var/www/html"> SetEnvIf Remote_Addr "192.168.1.[0-9]+$" ¥ SELINUX_DOMAIN=user_webapp_t:s0 selinuxDomainMap /var/www/mod_selinux.map selinuxDomainEnv SELINUX_DOMAIN selinuxDomainVal guest_webapp_t:s0 </Directory> Order to be applied Order to be applied # Apache/SELinux Plus user-mapping # -------------------------------- foo user_webapp_t:s0:c0 A pair of the http authorized A pair of the http authorized var user_webapp_t:s0:c1 username and security context username and security context baz user_webapp_t:s0:c2 Page 45 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
Apache/SELinux Plus configuration (2/2) # Apache/SELinux Plus (Per VirtualHost Separation) # ------------------------------------------------ LoadModule selinux_module modules/mod_selinux.so selinuxServerDomain *:s0-s0:c0.c1 <VirtualHost *:80> Web-server process MUST Web-server process MUST DocumentRoot /var/www/html dominate all the categories. dominate all the categories. ServerName red.example.com selinuxDomainVal *:s0:c0 </VirtualHost> <VirtualHost *:80> DocumentRoot /var/www/html ServerName blue.example.com selinuxDomainVal *:s0:c1 </VirtualHost> It assigns c1 category for all the HTTP It assigns c1 category for all the HTTP requests including anonymous ones. requests including anonymous ones. Page 46 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-

Recommended

Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlKohei KaiGai
 
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlKohei KaiGai
 
Label based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLLabel based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLKohei KaiGai
 
LAPP/SELinux - A secure web application platform powered by SELinux
LAPP/SELinux - A secure web application platform powered by SELinuxLAPP/SELinux - A secure web application platform powered by SELinux
LAPP/SELinux - A secure web application platform powered by SELinuxKohei KaiGai
 
LAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxLAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxKohei KaiGai
 
Asp net whitepaper
Asp net whitepaperAsp net whitepaper
Asp net whitepaperZayar Shwe
 
Datacenterarchitecture
DatacenterarchitectureDatacenterarchitecture
Datacenterarchitecturerlynes
 
TECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackup
TECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackupTECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackup
TECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackupSymantec
 

Recommended

Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlKohei KaiGai
 
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlKohei KaiGai
 
Label based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLLabel based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLKohei KaiGai
 
LAPP/SELinux - A secure web application platform powered by SELinux
LAPP/SELinux - A secure web application platform powered by SELinuxLAPP/SELinux - A secure web application platform powered by SELinux
LAPP/SELinux - A secure web application platform powered by SELinuxKohei KaiGai
 
LAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxLAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxKohei KaiGai
 
Asp net whitepaper
Asp net whitepaperAsp net whitepaper
Asp net whitepaperZayar Shwe
 
Datacenterarchitecture
DatacenterarchitectureDatacenterarchitecture
Datacenterarchitecturerlynes
 
TECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackup
TECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackupTECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackup
TECHNICAL WHITE PAPER▶Protect Your Cisco UCS Domain with Symantec NetBackupSymantec
 
SE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlSE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlKohei KaiGai
 
LCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlLCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlKohei KaiGai
 
White Paper: Using Perforce 'Attributes' for Managing Game Asset Metadata
White Paper: Using Perforce 'Attributes' for Managing Game Asset MetadataWhite Paper: Using Perforce 'Attributes' for Managing Game Asset Metadata
White Paper: Using Perforce 'Attributes' for Managing Game Asset MetadataPerforce
 
system automation, integration and recovery
system automation, integration and recoverysystem automation, integration and recovery
system automation, integration and recoveryDerek Chang
 
Intro to Alfresco for Developers
Intro to Alfresco for DevelopersIntro to Alfresco for Developers
Intro to Alfresco for DevelopersJeff Potts
 
OWASP Dependency-Track Introduction
OWASP Dependency-Track IntroductionOWASP Dependency-Track Introduction
OWASP Dependency-Track IntroductionSergey Sotnikov
 
Oracle rac 10g best practices
Oracle rac 10g best practicesOracle rac 10g best practices
Oracle rac 10g best practicesHaseeb Alam
 
Data repositories -- Xiamen University 2012 06-08
Data repositories -- Xiamen University 2012 06-08Data repositories -- Xiamen University 2012 06-08
Data repositories -- Xiamen University 2012 06-08Jian Qin
 
Getting Memcached Secure
Getting Memcached SecureGetting Memcached Secure
Getting Memcached SecureKohei KaiGai
 
Solr -
Solr - Solr -
Solr - Hao Chen 陈浩
 
Rakuten LeoFs - distributed file system
Rakuten LeoFs - distributed file systemRakuten LeoFs - distributed file system
Rakuten LeoFs - distributed file systemRakuten Group, Inc.
 
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)Shared personalization service. How to scale to 15 k rps (Patrice Pelland)
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)Ontico
 
Planning For High Performance Web Application
Planning For High Performance Web ApplicationPlanning For High Performance Web Application
Planning For High Performance Web ApplicationYue Tian
 
Google App Engine At A Glance
Google App Engine At A GlanceGoogle App Engine At A Glance
Google App Engine At A GlanceStefan Christoph
 
Hadoop security overview_hit2012_1117rev
Hadoop security overview_hit2012_1117revHadoop security overview_hit2012_1117rev
Hadoop security overview_hit2012_1117revJason Shih
 
Lamp
LampLamp
Lampchetanmbhimewal
 
Authenticated key exchange protocols for parallel
Authenticated key exchange protocols for parallelAuthenticated key exchange protocols for parallel
Authenticated key exchange protocols for paralleljpstudcorner
 
Real-Time Data Flows with Apache NiFi
Real-Time Data Flows with Apache NiFiReal-Time Data Flows with Apache NiFi
Real-Time Data Flows with Apache NiFiManish Gupta
 
Os Pittaro
Os PittaroOs Pittaro
Os Pittarooscon2007
 
Basic Archive System overview
Basic Archive System overviewBasic Archive System overview
Basic Archive System overviewJan-Ivar Bøyum
 
20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_HistoryKohei KaiGai
 
20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_APIKohei KaiGai
 

More Related Content

Similar to LAPP/SELinux - A secure web application stack using SE-PostgreSQL

SE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlSE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlKohei KaiGai
 
LCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlLCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlKohei KaiGai
 
White Paper: Using Perforce 'Attributes' for Managing Game Asset Metadata
White Paper: Using Perforce 'Attributes' for Managing Game Asset MetadataWhite Paper: Using Perforce 'Attributes' for Managing Game Asset Metadata
White Paper: Using Perforce 'Attributes' for Managing Game Asset MetadataPerforce
 
system automation, integration and recovery
system automation, integration and recoverysystem automation, integration and recovery
system automation, integration and recoveryDerek Chang
 
Intro to Alfresco for Developers
Intro to Alfresco for DevelopersIntro to Alfresco for Developers
Intro to Alfresco for DevelopersJeff Potts
 
OWASP Dependency-Track Introduction
OWASP Dependency-Track IntroductionOWASP Dependency-Track Introduction
OWASP Dependency-Track IntroductionSergey Sotnikov
 
Oracle rac 10g best practices
Oracle rac 10g best practicesOracle rac 10g best practices
Oracle rac 10g best practicesHaseeb Alam
 
Data repositories -- Xiamen University 2012 06-08
Data repositories -- Xiamen University 2012 06-08Data repositories -- Xiamen University 2012 06-08
Data repositories -- Xiamen University 2012 06-08Jian Qin
 
Getting Memcached Secure
Getting Memcached SecureGetting Memcached Secure
Getting Memcached SecureKohei KaiGai
 
Rakuten LeoFs - distributed file system
Rakuten LeoFs - distributed file systemRakuten LeoFs - distributed file system
Rakuten LeoFs - distributed file systemRakuten Group, Inc.
 
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)Shared personalization service. How to scale to 15 k rps (Patrice Pelland)
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)Ontico
 
Planning For High Performance Web Application
Planning For High Performance Web ApplicationPlanning For High Performance Web Application
Planning For High Performance Web ApplicationYue Tian
 
Google App Engine At A Glance
Google App Engine At A GlanceGoogle App Engine At A Glance
Google App Engine At A GlanceStefan Christoph
 
Hadoop security overview_hit2012_1117rev
Hadoop security overview_hit2012_1117revHadoop security overview_hit2012_1117rev
Hadoop security overview_hit2012_1117revJason Shih
 
Authenticated key exchange protocols for parallel
Authenticated key exchange protocols for parallelAuthenticated key exchange protocols for parallel
Authenticated key exchange protocols for paralleljpstudcorner
 
Real-Time Data Flows with Apache NiFi
Real-Time Data Flows with Apache NiFiReal-Time Data Flows with Apache NiFi
Real-Time Data Flows with Apache NiFiManish Gupta
 
Basic Archive System overview
Basic Archive System overviewBasic Archive System overview
Basic Archive System overviewJan-Ivar Bøyum
 

Similar to LAPP/SELinux - A secure web application stack using SE-PostgreSQL (20)

SE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlSE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access control
 
LCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsqlLCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsql
 
White Paper: Using Perforce 'Attributes' for Managing Game Asset Metadata
White Paper: Using Perforce 'Attributes' for Managing Game Asset MetadataWhite Paper: Using Perforce 'Attributes' for Managing Game Asset Metadata
White Paper: Using Perforce 'Attributes' for Managing Game Asset Metadata
 
system automation, integration and recovery
system automation, integration and recoverysystem automation, integration and recovery
system automation, integration and recovery
 
Intro to Alfresco for Developers
Intro to Alfresco for DevelopersIntro to Alfresco for Developers
Intro to Alfresco for Developers
 
OWASP Dependency-Track Introduction
OWASP Dependency-Track IntroductionOWASP Dependency-Track Introduction
OWASP Dependency-Track Introduction
 
Oracle rac 10g best practices
Oracle rac 10g best practicesOracle rac 10g best practices
Oracle rac 10g best practices
 
Data repositories -- Xiamen University 2012 06-08
Data repositories -- Xiamen University 2012 06-08Data repositories -- Xiamen University 2012 06-08
Data repositories -- Xiamen University 2012 06-08
 
Getting Memcached Secure
Getting Memcached SecureGetting Memcached Secure
Getting Memcached Secure
 
Solr -
Solr - Solr -
Solr -
 
Rakuten LeoFs - distributed file system
Rakuten LeoFs - distributed file systemRakuten LeoFs - distributed file system
Rakuten LeoFs - distributed file system
 
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)Shared personalization service. How to scale to 15 k rps (Patrice Pelland)
Shared personalization service. How to scale to 15 k rps (Patrice Pelland)
 
Planning For High Performance Web Application
Planning For High Performance Web ApplicationPlanning For High Performance Web Application
Planning For High Performance Web Application
 
Google App Engine At A Glance
Google App Engine At A GlanceGoogle App Engine At A Glance
Google App Engine At A Glance
 
Hadoop security overview_hit2012_1117rev
Hadoop security overview_hit2012_1117revHadoop security overview_hit2012_1117rev
Hadoop security overview_hit2012_1117rev
 
Lamp
LampLamp
Lamp
 
Authenticated key exchange protocols for parallel
Authenticated key exchange protocols for parallelAuthenticated key exchange protocols for parallel
Authenticated key exchange protocols for parallel
 
Real-Time Data Flows with Apache NiFi
Real-Time Data Flows with Apache NiFiReal-Time Data Flows with Apache NiFi
Real-Time Data Flows with Apache NiFi
 
Os Pittaro
Os PittaroOs Pittaro
Os Pittaro
 
Basic Archive System overview
Basic Archive System overviewBasic Archive System overview
Basic Archive System overview
 

More from Kohei KaiGai

20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_HistoryKohei KaiGai
 
20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_APIKohei KaiGai
 
20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrowKohei KaiGai
 
20210928_pgunconf_hll_count
20210928_pgunconf_hll_count20210928_pgunconf_hll_count
20210928_pgunconf_hll_countKohei KaiGai
 
20210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.020210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.0Kohei KaiGai
 
20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCacheKohei KaiGai
 
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_IndexKohei KaiGai
 
20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGISKohei KaiGai
 
20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGISKohei KaiGai
 
20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_ProcessingKohei KaiGai
 
20200828_OSCKyoto_Online
20200828_OSCKyoto_Online20200828_OSCKyoto_Online
20200828_OSCKyoto_OnlineKohei KaiGai
 
20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdwKohei KaiGai
 
20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_FdwKohei KaiGai
 
20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_TokyoKohei KaiGai
 
20191115-PGconf.Japan
20191115-PGconf.Japan20191115-PGconf.Japan
20191115-PGconf.JapanKohei KaiGai
 
20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_BetaKohei KaiGai
 
20190925_DBTS_PGStrom
20190925_DBTS_PGStrom20190925_DBTS_PGStrom
20190925_DBTS_PGStromKohei KaiGai
 
20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGaiKohei KaiGai
 
20190516_DLC10_PGStrom
20190516_DLC10_PGStrom20190516_DLC10_PGStrom
20190516_DLC10_PGStromKohei KaiGai
 
20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdwKohei KaiGai
 

More from Kohei KaiGai (20)

20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History
 
20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API
 
20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow
 
20210928_pgunconf_hll_count
20210928_pgunconf_hll_count20210928_pgunconf_hll_count
20210928_pgunconf_hll_count
 
20210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.020210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.0
 
20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache
 
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
 
20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS
 
20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS
 
20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing
 
20200828_OSCKyoto_Online
20200828_OSCKyoto_Online20200828_OSCKyoto_Online
20200828_OSCKyoto_Online
 
20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw
 
20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw
 
20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo
 
20191115-PGconf.Japan
20191115-PGconf.Japan20191115-PGconf.Japan
20191115-PGconf.Japan
 
20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta
 
20190925_DBTS_PGStrom
20190925_DBTS_PGStrom20190925_DBTS_PGStrom
20190925_DBTS_PGStrom
 
20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai
 
20190516_DLC10_PGStrom
20190516_DLC10_PGStrom20190516_DLC10_PGStrom
20190516_DLC10_PGStrom
 
20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw
 

Recently uploaded

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

LAPP/SELinux - A secure web application stack using SE-PostgreSQL

  • 1. LAPP/SELinux A secure web application stack using SE-PostgreSQL KaiGai Kohei <kaigai@ak.jp.nec.com> NEC OSS Promotion Center
  • 2. Self Introduction ▐ SELECT * FROM pg_developers WHERE name = 'KaiGai' Job NEC OSS Promotion Center, for 7 years Contributions • SMP Scalability Improvement of SELinux • Lead project to port SELinux into embedded platform • Development of SE-PostgreSQL • Access control support of large object, and so on... Interest Web system's security KaiGai lives here KaiGai lives here KaiGai is here KaiGai is here Page 2 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 3. ▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
  • 4. Security nightmare in web systems (Reference: JSOC analysis report of the incursion trend, vol.12, vol.14, LAC) ▐ Rapid increasing of attacks to web systems ▐ More threats from Internals, rather than Externals What technology can improve the situation? Page 4 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 5. LAPP - A typical web application stack ▐ LAPP An information asset in An information asset in Linux, Apache, PostgreSQL, PHP/Perl DB being invisible might be DB being invisible might be visible in Filesystem visible in Filesystem ▐ Concerns in security Each layer has its own security mechanism Web-users are not mapped to users in OS/DB Application's PHP/Perl OS/DB layer could not distingiush OS/DB layer could not distingiush own checks (web applications) actual users, so all the security actual users, so all the security HTTP auth & Apache/httpd burdens are pushed to web-app's burdens are pushed to web-app's .htaccess (web server) Database PostgreSQL ACLs (Database server) Filesystem Linux permissions (Operating system) Page 5 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 6. Lack of conductor Page 6 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 7. LAPP/SELinux - concept ▐ SELinux performs as conductor System-wide privileges are assigned to all the users DB controls accesses based on the centralized policy It ensures least-privilege and consistency in access control. Application's PHP/Perl own checks (web applications) HTTP auth & Apache/httpd SELinux .htaccess (web server) centralized Database PostgreSQL in the system ACLs (Database server) Filesystem Linux Security permissions (Operating system) policy Page 7 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 8. Perspective from the model (1/2) Info asset System Filesystem SELinux permission checks Filesystem call security OS(Linux) policy Info asset Database SE-PgSQL SQL ACLs checks Database RDBMS (PostgreSQL) User Process Request Access Control Resources Object Manager ▐ Analogy between OS/DB Differences in the way to store and access information assets System-call for Filesystem, SQL for Database ▐ Role of access control It decides whats are allowed or disallowed between users and resources, and controls the given requests based on the decision. Same basis (security policy) ensures system-wide consistency. Page 8 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 9. Perspective from the model (2/2) privileges System and sshd comm Call Filesystem shell Shell process HTTP privileges reque st SQL httpd Database WebApp Instance Authentication User(Human) Request(1st) & Authorization User Agent Request(2nd) Resources ▐ Analogy between shell and web User is a human; An user-agent performs instead of himself. User-agent must have correct privileges reflecting the actual human. ▐ Role of authentication & anthorization It identifies the human connected, and assigns their privileges. • sshd assignes user/group-id on the login shell before the execution. • Apache does not change privileges of the web-application instance. Page 9 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 10. LAPP/SELinux - components ▐ SE-PostgreSQL A built-in enhancement of PostgreSQL Additional permission checks on the given queries according to the decision of SELinux It ensures consistency in access controls ▐ Apache/SELinux Plus A loadable module of the Apache/httpd 2.2.x It assignes a security context of the contents handler based on http authentication. It ensures least-privilege in access control; with utilization of OS/DB Page 10 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 11. ▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
  • 12. Architecture of SE-PostgreSQL DB objects are DB objects are Query labeled with labeled with User Process Processor Database security context security context Query Question Database ACLs Question Security SE-PostgreSQL policy Security Providers PostgreSQL Answer Answer SELinux ▐ Security Providers Common entrypoints of access control features; like database ACLs. SE-PostgreSQL shall be an optional security provider. ▐ SE-PostgreSQL It tells SELinux whether the given query is allowed to run; (Need to deliver a pair of security context of the client and objects) SELinux returns its decision, then SE-PostgreSQL raises an error if access violation. Page 12 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 13. Decision making in access controls UserId/GroupId of the user process Linux Decision Permission Bits of the target files (Filesystem) (Allowed or Denied) Input Output Required permissions (r,w,x) ▐ SELinux performs like a function It returns its decision for the given arguments. Kernel internally gives them to SELinux, and follows its decision. Userspace application can also utilize the mechanism, as long as it can provide pair of the security context. ▐ Security context A SELinux specified identifier of processes and any other objects. Example) system_u:system_r:httpd_t:s0 system_u:object_r:postgresql_db_t:s0 Page 13 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 14. Decision making in access controls UserId/GroupId of the user process Security context of the user agent Security Linux Security context of the target object Permission Bits of the target files Policy Decision (Filesystem) (Allowed or Denied) Input Output Required permissions (r,w,x) Required permissions SELinux ▐ SELinux performs like a function It returns its decision for the given arguments. Kernel internally gives them to SELinux, and follows its decision. Userspace application can also utilize the mechanism, as long as it can provide pair of the security context. ▐ Security context A SELinux specified identifier of processes and any other objects. Example) system_u:system_r:httpd_t:s0 system_u:object_r:postgresql_db_t:s0 Page 14 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 15. Security context of the client process Is ititallowed to read? Is allowed to read? TCP/IP, Unclassified Classified -> Unclassified Classified -> Unclassified UNIX socket SE-PgSQL accept(2) Classified Policy sockfd getpeercon(3) Classified PostgreSQL SELinux Client Process Yes, allowed Yes, allowed ▐ Labeled networks SELinux provides an API to obtain security context of the peer process. int getpeercon(int sockfd, security_context_t *con); IPsec daemon exchanges the security context of peers prior to open the connection. Static fallback security context for non-SELinux'ed clients. It allows to identify the client process using security context. Page 15 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 16. Security context of the database objects postgres=> SELECT security_label, * FROM drink; security_label | id | name | price -----------------------------------------+----+--------+------- system_u:object_r:sepgsql_table_t:s0 | 1 | water | 110 system_u:object_r:sepgsql_table_t:s0 | 2 | tea | 130 system_u:object_r:sepgsql_table_t:s0:c0 | 3 | coke | 130 system_u:object_r:sepgsql_table_t:s0:c1 | 4 | coffee | 180 (4 rows) ▐ "security_label" system column It represents the security context of tuples. The tuple of pg_class shows properties of table, so it means the security context of the table, for example. ▐ Default security context On insertion, the default one shall be assigned based on the policy. User can also provide an explicit one, instead of the default. Page 16 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 17. Usage of SE-PostgreSQL (1/2) postgres=# CREATE TABLE customer (id integer primary key, name text, credit text); postgres=# ALTER TABLE customer ALTER credit SECURITY LABEL TO 'system_u:object_r:sepgsql_secret_table_t:s0'; postgres=# INSERT INTO customer VALUES (1, 'kaigai', '1111-2222-3333-4444'); postgres=# SELECT * FROM customer; LOG: SELinux: denied { select } ¥ scontext=staff_u:staff_r:staff_t:s0 ¥ tcontext=system_u:object_r:sepgsql_secret_table_t:s0 ¥ tclass=db_column name=customer.credit ERROR: SELinux: security policy violation postgres=# SELECT id, name FROM customer; id | name ----+-------- Client was not allowed to select Client was not allowed to select from the column labeled as from the column labeled as 1 | kaigai sepgsql_secret_table_t (1 row) sepgsql_secret_table_t Page 17 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 18. Usage of SE-PostgreSQL (2/2) postgres=# SELECT security_label, * FROM; security_label | id | name | price ---------------------------------------------------+----+--------+------- system_u:object_r:sepgsql_table_t:Unclassified | 1 | water | 100 system_u:object_r:sepgsql_table_t:Classified | 2 | coke | 120 system_u:object_r:sepgsql_ro_table_t:Classified | 3 | juice | 140 system_u:object_r:sepgsql_ro_table_t:Unclassified | 4 | coffee | 180 staff_u:object_r:sepgsql_table_t:Unclassified | 5 | beer | 240 ▐ On SELECT All the tuples are visible for Classified user, but Classified tuples are not visible Unclassified user. ▐ On UPDATE/DELETE Also, Classified tuples are updatable/deletable by Classified users. And, Read-only tuples are not updatable by confined users. ▐ On INSERT A default security context shall be assigned on the new tuple, and checks privilege to insert it. Page 18 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 19. System-wide consistency in access controls Classified User Login Process Consistent Consistent access controls access controls Security Inter-process Inter-process Policy Info Info communication communication SELinux Filesystem Networks IPC Objects Database channels channels Login User Least-privilege Least-privilege Process Unclassified ▐ SELinux provides its access control decision for ANY subsystems Linux kernel enforces the decision on accesses to filesystem objects, and etc... SE-PostgreSQL enforces the decision on accesses to database objects. Eventually, the centralized security policy controls all the accesses Page 19 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 20. Performance - SE-PostgreSQL comparison of pgbench results PostgreSQL v8.4.1 SE-PostgreSQL v8.4.1 450 400 350 transaction per second 300 250 200 150 100 50 0 20 40 60 80 100 120 140 160 180 200 database size (scaling factor) ▐ 2~4% of trade-off in performance userspace AVC minimizes the number of kernel invocations ▐ Environments CPU Xeon (2.33GHz) Dual, Mem: 2GB (shared_buffer=512m) measured by pgbench -c 2 -t 200000 Page 20 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 21. ▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
  • 22. Who's privileges should be checked? privilege access privilege control HTTP Request Filesystem access Clients HTTP Authentication Web Application HTTP Authentication control Database ▐ Authentication, but no authorization Apache can check client's Web-ID/PASS (BASIC or DIGEST). 403 Error, or Apache launches web-application handlers. ▐ Problem Web-application performs with identical privilege of daemon process. It means OS/RDBMS cannot distinguish individual web-users. Web-applications have to work always correctly? It means web-applications have to be bugs/vulnerabilities free? Page 22 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 23. Web users Page 23 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 24. Not web-users [kaigai@saba ~]$ ps -C httpd -o label,pid,user,group,comm LABEL PID USER GROUP COMMAND system_u:system_r:httpd_t:s0 25132 root root httpd system_u:system_r:httpd_t:s0 25136 apache apache httpd system_u:system_r:httpd_t:s0 25137 apache apache httpd system_u:system_r:httpd_t:s0 25138 apache apache httpd system_u:system_r:httpd_t:s0 25139 apache apache httpd system_u:system_r:httpd_t:s0 25140 apache apache httpd system_u:system_r:httpd_t:s0 25141 apache apache httpd system_u:system_r:httpd_t:s0 25142 apache apache httpd system_u:system_r:httpd_t:s0 25143 apache apache httpd system_u:system_r:httpd_t:s0 25144 apache apache httpd Security context of the httpd daemon UNIX Uid/Gid of the httpd daemon used to access controls in SELinux used to discretionary access controls Page 24 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 25. Apache/SELinux Plus authorized privileges authorized privileges privilege access control privilege HTTP Request Filesystem access control mod_selinux.so module Web Application mod_selinux.so module Database ▐ Terms Authentication is a function of identifying the connected user. Authorization is a function of assigning the rights to resources. ▐ Apache/SELinux Plus (mod_selinux.so) It assigns a corresponding security context based on HTTP authentication prior to web-application launches. It enables to confine web-application's accesses. Unlike UNIX, no root capabilities are needed to change privileges. Page 25 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 26. System-image (1/2) : Per web-user separation Privileges reflecting to the web-user Privileges reflecting to the web-user Manager Employee Authentication Authentication & Authorization & Authorization Prevent violated accesses, Prevent violated accesses, even ififweb-app was bugged. even web-app was bugged. Other division Database Page 26 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 27. System image (2/2) : Per virtual host separation ▐ SELinux performs as a logical-wall Filesystem separating system resources. ▐ Using Multi-Category policy red Database http://www.red.com/ Filesystem http://www.blue.com/ http://www.green.com/ Database blue Logical wall: Logical wall: SELinux prevent accesses to any objects SELinux prevent accesses to any objects Filesystem accross the categories. accross the categories. green Web-app handles of Web-app handles of Database the "green" virtual host the "green" virtual host Page 27 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 28. Performance - Apache/SELinux Plus $$ab -c 88-t 60 -A <user:password> <URL> ab -c -t 60 -A <user:password> <URL> 700 CPU: Pentium4 3.20GHz, Apache: 2.2.13-2.fc12 CPU: Pentium4 3.20GHz, Apache: 2.2.13-2.fc12 600 TEST1) Regular HTML file TEST1) Regular HTML file # of requests per second TEST2) PHP Script TEST2) PHP Script 500 TEST3) PHP Script with DB connection TEST3) PHP Script with DB connection 400 TEST4) CGI Program TEST4) CGI Program 300 200 100 0 .html file .php script .php with DBconn .cgi program Apache (normal) Apache/SELinux Plus ▐ The cost to assign privileges is relatively large in lightweight request. ▐ Less differences in our major target (Web+DB applications) Other steps obscures the cost to assign privileges. Page 28 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 29. ▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
  • 30. Demonstration Same web application Same HTTP Request with individual privileges Filesystem Authentication Authentication & Authorization & Authorization Consistent Database access control ▐ Apache/SELinux Plus launches a PHP script with individual privileges. ▐ The PHP script can access both of filesystem and database. Linux applies access controls on filesystems PostgreSQL applies access controls on databases Consistent access controls, although different mechanisms decide it. Page 30 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 31. ▐ Agenda 1. Backgrond 2. SE-PostgreSQL 3. Apache/SELinux plus 4. Demonstration 5. Future Plans
  • 32. Conceptual diagram of LAPP/SELinux Classified Web HTTP Req Application Consistent Consistent access controls access controls Security Inter-process Inter-process Policy Info Info communication communication SELinux Filesystem Networks IPC Objects Database channels channels HTTP Req Web Least-privilege Least-privilege Application Unclassified ▐ SE-PostgreSQL ensures system-wide consistency in access controls. ▐ Apache/SELinux Plus ensures least-privilege on web-applications. LAPP/SELinux provides a secure web-application platform. Page 32 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 33. Idea: Role Based Access Control System Only DDL, Only DDL, DML not allowed DML not allowed SQL with SQL with confined privileges Database confined privileges Administrator Execute Execute internet Backup SE-PostgreSQL System Log pg_dump/pg_restore Administrator customer Log File Page 33 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 34. Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Logic pg_xxx_aclcheck Logic pg_xxx_aclcheck Logic pg_xxx_ownercheck Logic Main logic of PostgreSQL User data and System catalog Page 34 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 35. Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Can I access it? Logic pg_xxx_aclcheck pg_xxx_aclcheck check_xxx_create pg_xxx_ownercheck Allowed, Logic Denied Logic Security Providers Logic Main logic of PostgreSQL User data and System catalog Page 35 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 36. Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Can I access it? Logic pg_xxx_aclcheck pg_xxx_aclcheck check_xxx_create pg_xxx_ownercheck Allowed, Logic Denied Logic Security Providers Logic TopSecret Unclassified Main logic of PostgreSQL User data and System catalog Page 36 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 37. Plan to upstream: SE-PostgreSQL ▐ Access control reworks ▐ Add security label support ▐ Add an optional security provider Can I access it? Logic pg_xxx_aclcheck pg_xxx_aclcheck check_xxx_create pg_xxx_ownercheck Allowed, Logic Denied Smack SE-PgSQL Logic Security Providers Logic TopSecret Unclassified Main logic of PostgreSQL User data and System catalog Page 37 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 38. Summary of LAPP/SELinux ▐ Background Web Application's security is Hot issue now. ▐ Key concept Utilize SELinux as conductor of access control ▐ Key components SE-PostgreSQL Apache/SELinux Plus ▐ Road To SE-PostgreSQL being Upstreamed External Security Providers Security Label Support SELinux support; as one of the security providers Here we go! Let's join us on v9.1 development! Page 38 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 41.
  • 43. Management of the security labels ▐ Data format A tuple has its security context as an object identifier (4-bytes). • It minimizes the waste of storage to store security context. • It allows to lookup avc cached without text comparison. pg_seclabel system catalog holds its text representation. HeapTupleHeaderData seclabelTransIn() : User uint16 t_infomask; seclabelTransOut() uint16 t_infomask2; uint16 t_hoff; pg_seclabel system catalog Oid Security Identifier relid secid seclabel 1259 16384 'system_u:object_r:sepgsql_table_t:s0' Oid Object Identifier 1259 16385 'system_u:object_r:sepgsql_ro_table_t:s0' Data containts 1259 16386 'system_u:object_r:sepgsql_sysobj_t:s0' 2615 16408 'system_u:object_r:sepgsql_schema_t:s0' Page 43 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 44. Statement support to manage security context ▐ ALTER xxx SECURITY LABEL TO It allows to change security context of database objects. Use UPDATE statements for tuples within user tables. postgres=> ALTER TABLE t SECURITY LABEL TO 'user_u:object_r:sepgsql_ro_table_t:s0'; ALTER TABLE ▐ ALTER TABLE xxx SET WITH/WITHOUT SECURITY LABEL It allows to strip 'security_label' system column, if not necessary. Reduce row-level control and storage consumption on the table. postgres=> ALTER TABLE t SET WITHOUT SECURITY LABEL; ALTER TABLE postgres=> SELECT security_label, * FROM t; ERROR: column "security_label" does not exist Page 44 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 45. Apache/SELinux Plus configuration (1/2) # Apache/SELinux Plus configuration # --------------------------------- LoadModule selinux_module modules/mod_selinux.so selinuxServerDomain *:s0 <Directory "/var/www/html"> SetEnvIf Remote_Addr "192.168.1.[0-9]+$" ¥ SELINUX_DOMAIN=user_webapp_t:s0 selinuxDomainMap /var/www/mod_selinux.map selinuxDomainEnv SELINUX_DOMAIN selinuxDomainVal guest_webapp_t:s0 </Directory> Order to be applied Order to be applied # Apache/SELinux Plus user-mapping # -------------------------------- foo user_webapp_t:s0:c0 A pair of the http authorized A pair of the http authorized var user_webapp_t:s0:c1 username and security context username and security context baz user_webapp_t:s0:c2 Page 45 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-
  • 46. Apache/SELinux Plus configuration (2/2) # Apache/SELinux Plus (Per VirtualHost Separation) # ------------------------------------------------ LoadModule selinux_module modules/mod_selinux.so selinuxServerDomain *:s0-s0:c0.c1 <VirtualHost *:80> Web-server process MUST Web-server process MUST DocumentRoot /var/www/html dominate all the categories. dominate all the categories. ServerName red.example.com selinuxDomainVal *:s0:c0 </VirtualHost> <VirtualHost *:80> DocumentRoot /var/www/html ServerName blue.example.com selinuxDomainVal *:s0:c1 </VirtualHost> It assigns c1 category for all the HTTP It assigns c1 category for all the HTTP requests including anonymous ones. requests including anonymous ones. Page 46 The PostgreSQL Conference 2010, LAPP/SELinux -A secure web application stack using SE-PostgreSQL-