Introduction to Selinux

1,987 views

Published on

Published in: Business, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,987
On SlideShare
0
From Embeds
0
Number of Embeds
170
Actions
Shares
0
Downloads
69
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Introduction to Selinux

  1. 1. Security-Enhanced Linux by Atul Jha aka koolhead17 By Atul Jha
  2. 2. SELinux: What?
  3. 3. Mandatory Access Control Complements traditional Discretionary Access Control
  4. 4. SELinux: Why?
  5. 5. Integrity (Type Enforcement) Confidentiality (Multi Level Security) Role Based Access Control
  6. 6. SELinux: Where?
  7. 7. Kernel: Security server Object manager Access Vector Cache
  8. 8. User space: Coreutils Policycoreutils Checkpolicy
  9. 9. SELinux-policy: Configuration data Rules that govern access
  10. 10. Policy models and concepts
  11. 11. SELinux identities or User based access control: - First field in security context tuple - SELinux identities a way to map Linux logins to SELinux Users - User based access control mechanisme to isolate SELinux users
  12. 12. Role Based Access Control: - Second field in security context tuple - Mechanism that enables SELinux users to switch types
  13. 13. Type Enforcement: - Third field in security context tuple - Processes and objects are assigned types - Policy governs how types can interact
  14. 14. Multi Level Security or Multi Category Security: - Fourth field in security context tuple
  15. 15. MLS: - Processes and objects are assigned security levels - Security level is a sensitivity and compartment(s) - s0 SystemLow - s15:c0.c1023 SystemHigh 16 sensitivities 1024 compartments “No read up and no write down”
  16. 16. MCS: - Alternative way to use MLS attribute - Only one sensitivity - 1024 categories - Semi-discretionary - MCS used in Svirt and Sandbox -X
  17. 17. SELinux resources: http://www.selinuxproject.org/page/User_Resources

×