SlideShare a Scribd company logo
1 of 35
Download to read offline
Linux Kernel Security

Adapting 1960s Technology to
          st
 Meet 21 Century Threats

          James Morris
            Red Hat


      LinuxCon Boston 2010
Fig. 1




History
“The first fact to face is that UNIX was not
  developed with security, in any realistic
sense, in mind; this fact alone guarantees a
            vast number of holes.”

      Dennis Ritchie, “On the Security of UNIX”, 1979
Fig. 2




Unix DAC
DAC is “simple” and somewhat effective, but
    inadequate for modern environment:


Does not protect against flawed or malicious
                   code
Fig. 3




(Actually, DAC is not simple)
“It must be recognized that the mere notion of a
super-user is a theoretical, and usually practical,
      blemish on any protection scheme.”


                (also from Ritchie 1979)
Fig. 4




Enhanced DAC
POSIX Capabilities (privileges)


 Access Control Lists (ACLs)
Fig. 5




Namespaces
Network Access Control



                          Netfilter

                          iptables

                          ebtables


                 Fig. 6
Fig. 7




Cryptography
Disk Encryption:

     dm-crypt
     ecryptfs



Network Encryption:

      IPsec
System Hardening

ASLR

NX

GCC

/dev/mem


Kernel pointers
                                Fig. 8
Fig. 9



    The Inevitability of Failure
The Flawed Assumption of Security in Modern
         Computing Environments
Mandatory security


Trusted / protected path


      Assurance
Linux Security Modules



READ        LSM Hook




           LSM Module
SELinux


Generalized MAC

Very fine-grained

 Policy-flexible
Simplified Mandatory Access
  Control Kernel (SMACK)


     Simple label-based MAC


    Policy is written as triples:

      subject object [–rwxa]
TOMOYO


         Path-based MAC scheme

   Automatic real-time policy generation

Policy applied to trees of process invocation
AppArmor


   Pathname access control scheme


Security usability via familiar abstractions
Extending MAC


                Netlabel

                Secmark

                 NFSv4

                   sVirt
Audit


         Required for certification

Monitor syscall, LSM & misc. security events

            Actually quite useful
Integrity & Platform Security


            TPM

          IMA / EVM

            TXT

            VT-d
Anti Malware


     Best done in userland

... but, file scanning still desired

             fsnotify

             fanotify
Seccomp


Extremely lightweight sandboxing

    Reduces attack surface
Current Status


Meets extremely wide range of security goals


     Security features now mainstream


 Better equipped to address modern threats
Ongoing Challenges



    Continued refinement & hardening

Multiple security models hindering adoption

      Threats will continue to evolve
How to Help



                  Enable features

                 Report problems

                 Share knowledge



       Fig. 10
Resources


Linux Kernel Security Wiki

     LSM Mailing List

   LWN Security page
Questions ?
Useful URLs
Kernel Security Wiki
    http://security.wiki.kernel.org/

LSM Mailing List
    http://vger.kernel.org/vger-lists.html#linux-security-module

LWN Security Page
    http://lwn.net/Security/

“The Inevitability of Failure: The Flawed Assumption of Security in Modern
Computing Environments”
    http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf

LSM Usenix Paper
    http://www.usenix.org/event/sec02/wright.html

Kernel Memory Protection
    http://lwn.net/Articles/329787/

Linux Security Model Comparison
    http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison
Useful URLs ...
SELinux
    http://selinuxproject.org/
“Have You Driven an SELinux Lately?” (OLS paper on current state)
    http://namei.org/ols-2008-selinux-paper.pdf
“Anatomy of Fedora Kiosk Mode”
    http://namei.org/presentations/fedora-kiosk-mode-foss-my-2008.pdf
“SELinux Memory Protection Tests”
    http://people.redhat.com/drepper/selinux-mem.html
“A seatbelt for server software: SELinux blocks real-world exploits”
    http://www.linuxworld.com/news/2008/022408-selinux.html

SMACK
    http://schaufler-ca.com/

AppArmor
    http://en.opensuse.org/Apparmor

TOMOYO
    http://tomoyo.sourceforge.jp/

“POSIX file capabilities: Parceling the power of root”
    http://www.ibm.com/developerworks/library/l-posixcap.html

“POSIX Access Control Lists on Linux”
    http://www.suse.de/~agruen/acl/linux-acls/online/
Useful URLs ...
"Implementing Native NFSv4 ACLs in Linux"
    http://lca2009.linux.org.au/slides/79.tar.gz

“Applying mount namespaces”
    http://www.ibm.com/developerworks/linux/library/l-mount-namespaces.html

“Disk encryption in Fedora: Past, present and future”
    http://is.gd/16012

“Limiting buffer overflows with ExecShield” (2005)
    http://www.redhat.com/magazine/009jul05/features/execshield/

“Linux Kernel Heap Tampering Detection”
    http://phrack.org/issues.html?issue=66&id=15#article

“System integrity in Linux”
    http://lwn.net/Articles/309441/
“Linux kernel integrity measurement using contextual inspection” (LKIM)
    http://portal.acm.org/citation.cfm?id=1314354.1314362

Intel TXT Site
    http://www.intel.com/technology/security/

IBM TCPA Resources
    http://www.research.ibm.com/gsal/tcpa/tcpa_rebuttal.pdf

Invisible Things Labs
    http://theinvisiblethings.blogspot.com/
Image Credits
1. Bell Labs
2. Duke University Ad*Access
3. Hao Chen, David Wagner, and Drew Dean.
4. “nofeel” (flickr)
5. Unknown
6. Ian Lloyd (flickr)
7. James Morris
8. Steve Jurvetson (flickr)
9. Michael Scott (flickr)
10. Alfred T Palmer (LoC)

More Related Content

What's hot

Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Securitypankaj009
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security OverviewShawn Wells
 
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...The Linux Foundation
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?Michael Boelen
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectHacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectTamas K Lengyel
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesInformation Technology
 
31c3 Presentation - Virtual Machine Introspection
31c3 Presentation - Virtual Machine Introspection31c3 Presentation - Virtual Machine Introspection
31c3 Presentation - Virtual Machine IntrospectionTamas K Lengyel
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
File System Implementation & Linux Security
File System Implementation & Linux SecurityFile System Implementation & Linux Security
File System Implementation & Linux SecurityGeo Marian
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureTamas K Lengyel
 
Virtual Machine Introspection with Xen on ARM
Virtual Machine Introspection with Xen on ARMVirtual Machine Introspection with Xen on ARM
Virtual Machine Introspection with Xen on ARMTamas K Lengyel
 
Linux Network Security
Linux Network SecurityLinux Network Security
Linux Network SecurityAmr Ali
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux SecurityMichael Boman
 
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis SystemScalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis SystemTamas K Lengyel
 
Futex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsFutex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsDavidlohr Bueso
 
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniBSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniShellmates
 

What's hot (20)

Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Security
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
 
Linux security
Linux securityLinux security
Linux security
 
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
 
Unix Security
Unix SecurityUnix Security
Unix Security
 
Linux Security
Linux SecurityLinux Security
Linux Security
 
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectHacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System Vulnerabilities
 
31c3 Presentation - Virtual Machine Introspection
31c3 Presentation - Virtual Machine Introspection31c3 Presentation - Virtual Machine Introspection
31c3 Presentation - Virtual Machine Introspection
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
File System Implementation & Linux Security
File System Implementation & Linux SecurityFile System Implementation & Linux Security
File System Implementation & Linux Security
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
 
Virtual Machine Introspection with Xen on ARM
Virtual Machine Introspection with Xen on ARMVirtual Machine Introspection with Xen on ARM
Virtual Machine Introspection with Xen on ARM
 
Linux Network Security
Linux Network SecurityLinux Network Security
Linux Network Security
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
 
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis SystemScalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System
 
Futex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsFutex Scaling for Multi-core Systems
Futex Scaling for Multi-core Systems
 
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniBSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
 

Viewers also liked

Unix features, posix and single unix specification
Unix features, posix and single unix specificationUnix features, posix and single unix specification
Unix features, posix and single unix specificationsudha rani
 
Operating Systems 1 (3/12) - Architectures
Operating Systems 1 (3/12) - ArchitecturesOperating Systems 1 (3/12) - Architectures
Operating Systems 1 (3/12) - ArchitecturesPeter Tröger
 
12. Computer Systems Hardware 2
12. Computer Systems   Hardware 212. Computer Systems   Hardware 2
12. Computer Systems Hardware 2New Era University
 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)cnokia
 
Solaris Operating System - Oracle
 Solaris Operating System - Oracle Solaris Operating System - Oracle
Solaris Operating System - OracleMalan Amarasinghe
 
Chapter 10 - File System Interface
Chapter 10 - File System InterfaceChapter 10 - File System Interface
Chapter 10 - File System InterfaceWayne Jones Jnr
 
16. Computer Systems Basic Software 2
16. Computer Systems   Basic Software 216. Computer Systems   Basic Software 2
16. Computer Systems Basic Software 2New Era University
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Chapter 10
Chapter 10Chapter 10
Chapter 10 Google
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 

Viewers also liked (20)

OSCh3
OSCh3OSCh3
OSCh3
 
Cs1 3-operating systems
Cs1 3-operating systemsCs1 3-operating systems
Cs1 3-operating systems
 
Unix features, posix and single unix specification
Unix features, posix and single unix specificationUnix features, posix and single unix specification
Unix features, posix and single unix specification
 
Operating Systems 1 (3/12) - Architectures
Operating Systems 1 (3/12) - ArchitecturesOperating Systems 1 (3/12) - Architectures
Operating Systems 1 (3/12) - Architectures
 
OS Security 2009
OS Security 2009OS Security 2009
OS Security 2009
 
12. Computer Systems Hardware 2
12. Computer Systems   Hardware 212. Computer Systems   Hardware 2
12. Computer Systems Hardware 2
 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)
 
Plan 9: Not (Only) A Better UNIX
Plan 9: Not (Only) A Better UNIXPlan 9: Not (Only) A Better UNIX
Plan 9: Not (Only) A Better UNIX
 
Unix ppt
Unix pptUnix ppt
Unix ppt
 
Solaris Operating System - Oracle
 Solaris Operating System - Oracle Solaris Operating System - Oracle
Solaris Operating System - Oracle
 
Chapter 10 - File System Interface
Chapter 10 - File System InterfaceChapter 10 - File System Interface
Chapter 10 - File System Interface
 
16. Computer Systems Basic Software 2
16. Computer Systems   Basic Software 216. Computer Systems   Basic Software 2
16. Computer Systems Basic Software 2
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Unix - An Introduction
Unix - An IntroductionUnix - An Introduction
Unix - An Introduction
 

Similar to Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriDocker, Inc.
 
Hardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/LinuxHardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/LinuxMartin Holovský
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityJérôme Petazzoni
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Jérôme Petazzoni
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Fosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationFosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationThe Linux Foundation
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingPhil Estes
 
An overview of unix rootkits
An overview of unix rootkitsAn overview of unix rootkits
An overview of unix rootkitsUltraUploader
 
Hunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory ForensicsHunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory ForensicsAndrew Case
 
Hunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory ForensicsHunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory ForensicsAndrew Case
 
Chapter 7 security tools i
Chapter 7   security tools iChapter 7   security tools i
Chapter 7 security tools iSyaiful Ahdan
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Boden Russell
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container SecurityPhil Estes
 
LCJ2010-KaiGai-Memcached
LCJ2010-KaiGai-MemcachedLCJ2010-KaiGai-Memcached
LCJ2010-KaiGai-MemcachedKohei KaiGai
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixThe Linux Foundation
 
Bugs Ex Ante by Kristaps Dzonsons
Bugs Ex Ante by Kristaps DzonsonsBugs Ex Ante by Kristaps Dzonsons
Bugs Ex Ante by Kristaps Dzonsonseurobsdcon
 

Similar to Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats (20)

The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
 
Hardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/LinuxHardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/Linux
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
 
Container security
Container securityContainer security
Container security
 
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
 
System Integrity
System IntegritySystem Integrity
System Integrity
 
淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道
 
Fosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using VirtualizationFosdem 18: Securing embedded Systems using Virtualization
Fosdem 18: Securing embedded Systems using Virtualization
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're Going
 
An overview of unix rootkits
An overview of unix rootkitsAn overview of unix rootkits
An overview of unix rootkits
 
Hunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory ForensicsHunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory Forensics
 
Hunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory ForensicsHunting Mac Malware with Memory Forensics
Hunting Mac Malware with Memory Forensics
 
Chapter 7 security tools i
Chapter 7   security tools iChapter 7   security tools i
Chapter 7 security tools i
 
Container security
Container securityContainer security
Container security
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
 
LCJ2010-KaiGai-Memcached
LCJ2010-KaiGai-MemcachedLCJ2010-KaiGai-Memcached
LCJ2010-KaiGai-Memcached
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
 
Bugs Ex Ante by Kristaps Dzonsons
Bugs Ex Ante by Kristaps DzonsonsBugs Ex Ante by Kristaps Dzonsons
Bugs Ex Ante by Kristaps Dzonsons
 

More from James Morris

sVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access ControlsVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access ControlJames Morris
 
OLPC Networking Overview
OLPC Networking OverviewOLPC Networking Overview
OLPC Networking OverviewJames Morris
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004James Morris
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008James Morris
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 TokyoMandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 TokyoJames Morris
 
Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004James Morris
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 TokyoBetter IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 TokyoJames Morris
 
The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007James Morris
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007James Morris
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005James Morris
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005James Morris
 
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)James Morris
 

More from James Morris (12)

sVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access ControlsVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access Control
 
OLPC Networking Overview
OLPC Networking OverviewOLPC Networking Overview
OLPC Networking Overview
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 TokyoMandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
 
Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 TokyoBetter IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
 
The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005
 
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

  • 1. Linux Kernel Security Adapting 1960s Technology to st Meet 21 Century Threats James Morris Red Hat LinuxCon Boston 2010
  • 3. “The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes.” Dennis Ritchie, “On the Security of UNIX”, 1979
  • 5. DAC is “simple” and somewhat effective, but inadequate for modern environment: Does not protect against flawed or malicious code
  • 6. Fig. 3 (Actually, DAC is not simple)
  • 7. “It must be recognized that the mere notion of a super-user is a theoretical, and usually practical, blemish on any protection scheme.” (also from Ritchie 1979)
  • 9. POSIX Capabilities (privileges) Access Control Lists (ACLs)
  • 11. Network Access Control Netfilter iptables ebtables Fig. 6
  • 13. Disk Encryption: dm-crypt ecryptfs Network Encryption: IPsec
  • 15. Fig. 9 The Inevitability of Failure The Flawed Assumption of Security in Modern Computing Environments
  • 16. Mandatory security Trusted / protected path Assurance
  • 17. Linux Security Modules READ LSM Hook LSM Module
  • 19. Simplified Mandatory Access Control Kernel (SMACK) Simple label-based MAC Policy is written as triples: subject object [–rwxa]
  • 20. TOMOYO Path-based MAC scheme Automatic real-time policy generation Policy applied to trees of process invocation
  • 21. AppArmor Pathname access control scheme Security usability via familiar abstractions
  • 22. Extending MAC Netlabel Secmark NFSv4 sVirt
  • 23. Audit Required for certification Monitor syscall, LSM & misc. security events Actually quite useful
  • 24. Integrity & Platform Security TPM IMA / EVM TXT VT-d
  • 25. Anti Malware Best done in userland ... but, file scanning still desired fsnotify fanotify
  • 27. Current Status Meets extremely wide range of security goals Security features now mainstream Better equipped to address modern threats
  • 28. Ongoing Challenges Continued refinement & hardening Multiple security models hindering adoption Threats will continue to evolve
  • 29. How to Help Enable features Report problems Share knowledge Fig. 10
  • 30. Resources Linux Kernel Security Wiki LSM Mailing List LWN Security page
  • 32. Useful URLs Kernel Security Wiki http://security.wiki.kernel.org/ LSM Mailing List http://vger.kernel.org/vger-lists.html#linux-security-module LWN Security Page http://lwn.net/Security/ “The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments” http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf LSM Usenix Paper http://www.usenix.org/event/sec02/wright.html Kernel Memory Protection http://lwn.net/Articles/329787/ Linux Security Model Comparison http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison
  • 33. Useful URLs ... SELinux http://selinuxproject.org/ “Have You Driven an SELinux Lately?” (OLS paper on current state) http://namei.org/ols-2008-selinux-paper.pdf “Anatomy of Fedora Kiosk Mode” http://namei.org/presentations/fedora-kiosk-mode-foss-my-2008.pdf “SELinux Memory Protection Tests” http://people.redhat.com/drepper/selinux-mem.html “A seatbelt for server software: SELinux blocks real-world exploits” http://www.linuxworld.com/news/2008/022408-selinux.html SMACK http://schaufler-ca.com/ AppArmor http://en.opensuse.org/Apparmor TOMOYO http://tomoyo.sourceforge.jp/ “POSIX file capabilities: Parceling the power of root” http://www.ibm.com/developerworks/library/l-posixcap.html “POSIX Access Control Lists on Linux” http://www.suse.de/~agruen/acl/linux-acls/online/
  • 34. Useful URLs ... "Implementing Native NFSv4 ACLs in Linux" http://lca2009.linux.org.au/slides/79.tar.gz “Applying mount namespaces” http://www.ibm.com/developerworks/linux/library/l-mount-namespaces.html “Disk encryption in Fedora: Past, present and future” http://is.gd/16012 “Limiting buffer overflows with ExecShield” (2005) http://www.redhat.com/magazine/009jul05/features/execshield/ “Linux Kernel Heap Tampering Detection” http://phrack.org/issues.html?issue=66&id=15#article “System integrity in Linux” http://lwn.net/Articles/309441/ “Linux kernel integrity measurement using contextual inspection” (LKIM) http://portal.acm.org/citation.cfm?id=1314354.1314362 Intel TXT Site http://www.intel.com/technology/security/ IBM TCPA Resources http://www.research.ibm.com/gsal/tcpa/tcpa_rebuttal.pdf Invisible Things Labs http://theinvisiblethings.blogspot.com/
  • 35. Image Credits 1. Bell Labs 2. Duke University Ad*Access 3. Hao Chen, David Wagner, and Drew Dean. 4. “nofeel” (flickr) 5. Unknown 6. Ian Lloyd (flickr) 7. James Morris 8. Steve Jurvetson (flickr) 9. Michael Scott (flickr) 10. Alfred T Palmer (LoC)