Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Introduction to Selinux


Published on

Published in: Business, Technology
  • Be the first to comment

Introduction to Selinux

  1. 1. Security-Enhanced Linux by Atul Jha aka koolhead17 By Atul Jha
  2. 2. SELinux: What?
  3. 3. Mandatory Access Control Complements traditional Discretionary Access Control
  4. 4. SELinux: Why?
  5. 5. Integrity (Type Enforcement) Confidentiality (Multi Level Security) Role Based Access Control
  6. 6. SELinux: Where?
  7. 7. Kernel: Security server Object manager Access Vector Cache
  8. 8. User space: Coreutils Policycoreutils Checkpolicy
  9. 9. SELinux-policy: Configuration data Rules that govern access
  10. 10. Policy models and concepts
  11. 11. SELinux identities or User based access control: - First field in security context tuple - SELinux identities a way to map Linux logins to SELinux Users - User based access control mechanisme to isolate SELinux users
  12. 12. Role Based Access Control: - Second field in security context tuple - Mechanism that enables SELinux users to switch types
  13. 13. Type Enforcement: - Third field in security context tuple - Processes and objects are assigned types - Policy governs how types can interact
  14. 14. Multi Level Security or Multi Category Security: - Fourth field in security context tuple
  15. 15. MLS: - Processes and objects are assigned security levels - Security level is a sensitivity and compartment(s) - s0 SystemLow - s15:c0.c1023 SystemHigh 16 sensitivities 1024 compartments “No read up and no write down”
  16. 16. MCS: - Alternative way to use MLS attribute - Only one sensitivity - 1024 categories - Semi-discretionary - MCS used in Svirt and Sandbox -X
  17. 17. SELinux resources: