Introduction to Selinux
 

    Presentation Transcript

    • Security-Enhanced Linux, by Atul Jha aka koolhead17
    • SELinux: What?
    • Mandatory Access Control - Complements traditional Discretionary Access Control
    • SELinux: Why?
    • Integrity (Type Enforcement) - Confidentiality (Multi Level Security) - Role Based Access Control
    • SELinux: Where?
    • Kernel: - Security server - Object manager - Access Vector Cache
    • User space: - Coreutils - Policycoreutils - Checkpolicy
    • SELinux-policy: - Configuration data - Rules that govern access
    • Policy models and concepts
    • SELinux identities or User Based Access Control: - First field in security context tuple - SELinux identities are a way to map Linux logins to SELinux users - User Based Access Control is a mechanism to isolate SELinux users
    • Role Based Access Control: - Second field in security context tuple - Mechanism that enables SELinux users to switch types
    • Type Enforcement: - Third field in security context tuple - Processes and objects are assigned types - Policy governs how types can interact
    • Multi Level Security or Multi Category Security: - Fourth field in security context tuple
    • MLS: - Processes and objects are assigned security levels - A security level is a sensitivity plus compartment(s) - s0 is SystemLow - s15:c0.c1023 is SystemHigh - 16 sensitivities, 1024 compartments - “No read up and no write down”
    • MCS: - Alternative way to use the MLS attribute - Only one sensitivity - 1024 categories - Semi-discretionary - MCS is used in sVirt and sandbox -X
    • SELinux resources: http://www.selinuxproject.org/page/User_Resources
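
The four-field security context tuple and the MLS "no read up, no write down" rule from the slides above, as an added example that is not part of the original presentation. It assumes each context carries a single level rather than a low-high range, models the rule as a plain dominance check (real SELinux enforces it through policy constraints), and uses constructed sample contexts with illustrative type names.

```python
import re

def parse_level(level):
    """'s15:c0.c1023' -> (15, frozenset({0..1023})); 's0' -> (0, frozenset())."""
    sens, _, cats = level.partition(":")
    m = re.fullmatch(r"s(\d+)", sens)
    if not m or int(m.group(1)) > 15:            # 16 sensitivities: s0..s15
        raise ValueError(f"bad sensitivity {sens!r}")
    categories = set()
    for part in filter(None, cats.split(",")):
        c = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)   # 'c3' or range 'c0.c1023'
        if not c:
            raise ValueError(f"bad category {part!r}")
        lo = int(c.group(1))
        hi = int(c.group(2) or lo)
        if not lo <= hi <= 1023:                 # 1024 compartments: c0..c1023
            raise ValueError(f"category out of range {part!r}")
        categories.update(range(lo, hi + 1))
    return int(m.group(1)), frozenset(categories)

def parse_context(ctx):
    """Split 'user:role:type:level' into its four fields (level is parsed)."""
    fields = ctx.split(":", 3)                   # the level itself may contain ':'
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields in {ctx!r}")
    user, role, type_, level = fields
    return {"user": user, "role": role, "type": type_, "level": parse_level(level)}

def dominates(a, b):
    """a dominates b: sensitivity at least as high and a superset of compartments."""
    return a[0] >= b[0] and a[1] >= b[1]

def mls_allows(subject_ctx, object_ctx, op):
    """Simplified MLS check: no read up, no write down."""
    s = parse_context(subject_ctx)["level"]
    o = parse_context(object_ctx)["level"]
    if op == "read":
        return dominates(s, o)                   # subject must dominate the object
    if op == "write":
        return dominates(o, s)                   # object must dominate the subject
    raise ValueError(f"unknown operation {op!r}")

# Constructed sample contexts (the *_t type names are illustrative).
SUBJECT = "staff_u:staff_r:staff_t:s2:c1,c5"
LOW_OBJ = "system_u:object_r:public_t:s0"
HIGH_OBJ = "system_u:object_r:secret_t:s15:c0.c1023"

if __name__ == "__main__":
    for obj in (LOW_OBJ, HIGH_OBJ):
        for op in ("read", "write"):
            print(op, obj, "->", mls_allows(SUBJECT, obj, op))
```

Two levels with the same sensitivity but disjoint compartments (for example s2:c1 and s2:c2) dominate in neither direction, so both read and write are denied between them.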