Introduction to SELinux

Transcript

  • 1. Security-Enhanced Linux by Atul Jha aka koolhead17
  • 2. SELinux: What?
  • 3. Mandatory Access Control: complements traditional Discretionary Access Control
  • 4. SELinux: Why?
  • 5. Integrity (Type Enforcement) - Confidentiality (Multi Level Security) - Role Based Access Control
  • 6. SELinux: Where?
  • 7. Kernel: - Security server - Object manager - Access Vector Cache
  • 8. User space: - Coreutils - Policycoreutils - Checkpolicy
  • 9. SELinux-policy: - Configuration data - Rules that govern access
  • 10. Policy models and concepts
  • 11. SELinux identities or User based access control: - First field in security context tuple - SELinux identities are a way to map Linux logins to SELinux users - User based access control is a mechanism to isolate SELinux users
  • 12. Role Based Access Control: - Second field in security context tuple - Mechanism that enables SELinux users to switch types
  • 13. Type Enforcement: - Third field in security context tuple - Processes and objects are assigned types - Policy governs how types can interact
  • 14. Multi Level Security or Multi Category Security: - Fourth field in security context tuple
  • 15. MLS: - Processes and objects are assigned security levels - Security level is a sensitivity and compartment(s) - s0 = SystemLow - s15:c0.c1023 = SystemHigh - 16 sensitivities - 1024 compartments - “No read up and no write down”
  • 16. MCS: - Alternative way to use MLS attribute - Only one sensitivity - 1024 categories - Semi-discretionary - MCS used in sVirt and sandbox -X
  • 17. SELinux resources: http://www.selinuxproject.org/page/User_Resources
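
The four-field security context from slides 11 to 16 and the MLS rule from slide 15, as an added example that is not part of the original slides. It is a simplified model of "no read up and no write down", not the kernel security server or a real policy's constraints; the function names and the sample context are constructed for illustration.

```python
from typing import FrozenSet, NamedTuple

class Level(NamedTuple):
    sensitivity: int              # s0 (SystemLow) .. s15
    categories: FrozenSet[int]    # compartments c0 .. c1023

    def dominates(self, other: "Level") -> bool:
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)

class Context(NamedTuple):
    user: str     # first field: SELinux identity
    role: str     # second field: role
    type: str     # third field: type (Type Enforcement)
    low: Level    # fourth field: level, or low end of a range
    high: Level   # high end of the range (equals low if no range)

def parse_level(text: str) -> Level:
    sens, _, cats = text.partition(":")
    if not (sens.startswith("s") and sens[1:].isdigit()):
        raise ValueError(f"bad sensitivity: {text!r}")
    members = set()
    for part in filter(None, cats.split(",")):
        first, _, last = part.partition(".")   # "c0.c1023" is a range
        lo, hi = int(first[1:]), int((last or first)[1:])
        members.update(range(lo, hi + 1))
    if int(sens[1:]) > 15 or any(c > 1023 for c in members):
        raise ValueError(f"level out of range: {text!r}")
    return Level(int(sens[1:]), frozenset(members))

def parse_context(text: str) -> Context:
    # The level field itself contains ':' so split at most three times.
    fields = text.split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"expected user:role:type:level, got {text!r}")
    user, role, type_, level = fields
    low, _, high = level.partition("-")
    return Context(user, role, type_, parse_level(low), parse_level(high or low))

def may_read(subject: Level, obj: Level) -> bool:
    return subject.dominates(obj)   # no read up

def may_write(subject: Level, obj: Level) -> bool:
    return obj.dominates(subject)   # no write down

if __name__ == "__main__":
    ctx = parse_context("system_u:system_r:init_t:s0-s15:c0.c1023")  # constructed sample
    print(ctx.user, ctx.role, ctx.type, ctx.low.sensitivity, ctx.high.sensitivity)
    print(may_read(parse_level("s0"), parse_level("s3:c1,c5")))
```

Two levels with the same sensitivity but disjoint compartments are incomparable, so neither side may read the other.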