Advertisement
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM
An introduction to MAC RBAC and LSM

Check these out next

Intro to Exploitation
Intro to Exploitation
UTD Computer Security Group
Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security Features
Dustin Kirkland
Linux Security
Linux Security
nayakslideshare
Introduction To Linux Security
Introduction To Linux Security
Michael Boman
Linux Security Crash Course
Linux Security Crash Course
UTD Computer Security Group
Basic Linux Security
Basic Linux Security
pankaj009
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]
Vincent Batts
Metasploit For Beginners
Metasploit For Beginners
Ramnath Shenoy
1 of 12

An introduction to MAC RBAC and LSM

Jun. 15, 2016
Download to read offline
Software

An Introduction to MAC, RBAC and LSM to better understanding the theory behind hardening tools such SELinux, GrSecurity and more.

Francesco Pira
DevOps Engineer at Leonardo
Advertisement
Advertisement
Advertisement

Recommended

Linux 4.6 and memory protectionsLinux 4.6 and memory protections
Linux 4.6 and memory protectionsFrancesco Pira339 views8 slides
Getting started with GrSecurityGetting started with GrSecurity
Getting started with GrSecurityFrancesco Pira766 views16 slides
Getting started with AppArmorGetting started with AppArmor
Getting started with AppArmorFrancesco Pira1.1K views14 slides
ApparmorApparmor
Apparmorn|u - The Open Security Community2.7K views17 slides
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?Michael Boelen6.7K views51 slides
Windows Security Crash CourseWindows Security Crash Course
Windows Security Crash CourseUTD Computer Security Group486 views41 slides

More Related Content

Slideshows for you(20)

Intro to ExploitationIntro to Exploitation
Intro to Exploitation
UTD Computer Security Group104 views
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security Features
Dustin Kirkland40.4K views
Linux SecurityLinux Security
Linux Security
nayakslideshare2.2K views
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
Michael Boman1.4K views
Linux Security Crash CourseLinux Security Crash Course
Linux Security Crash Course
UTD Computer Security Group553 views
Basic Linux SecurityBasic Linux Security
Basic Linux Security
pankaj0092.8K views
Slackware Demystified [SELF 2011]Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]
Vincent Batts579 views
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
Ramnath Shenoy985 views
Lifnaaaaaa eLifnaaaaaa e
Lifnaaaaaa e
henelpj84 views
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an Overview
Kaiwan Billimoria1.2K views
Anıl kurmuş pacsec3Anıl kurmuş pacsec3
Anıl kurmuş pacsec3
PacSecJP482 views
DigiPinguïns: browsers tips & tricks (Liese De Vos)DigiPinguïns: browsers tips & tricks (Liese De Vos)
DigiPinguïns: browsers tips & tricks (Liese De Vos)
Avansa Mid- en Zuidwest415 views
RustRust
Rust
Naga Dinesh313 views
MOSP Walkthrough 2009MOSP Walkthrough 2009
MOSP Walkthrough 2009
Andrew Roughan721 views
Atom withhandlypackagesAtom withhandlypackages
Atom withhandlypackages
Sho Ikeda73 views
Linux securityLinux security
Linux security
trilokchandra prakash2.8K views
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System Vulnerabilities
Information Technology7.3K views
IEEE Posix StandardsIEEE Posix Standards
IEEE Posix Standards
Hussain Biedouh2K views
What is Firewall?What is Firewall?
What is Firewall?
NetProtocol Xpert440 views
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti3.9K views

Similar to An introduction to MAC RBAC and LSM(20)

Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
ThreatConnect1.8K views
BACKFiL Finding Files you left on the serverBACKFiL Finding Files you left on the server
BACKFiL Finding Files you left on the server
tmccurry1.1K views
2014 04-03 xyratex event2014 04-03 xyratex event
2014 04-03 xyratex event
Shawn Wells115 views
LibreSocial - P2P Framework for Social Networks - OverviewLibreSocial - P2P Framework for Social Networks - Overview
LibreSocial - P2P Framework for Social Networks - Overview
Kalman Graffi887 views
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
Aditya K Sood22.3K views
AraknoArakno
Arakno
Roberto Sponchioni272 views
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access Control
Chandra Sharma6.7K views
Storage Solutions from General AtomicsStorage Solutions from General Atomics
Storage Solutions from General Atomics
Igor Sfiligoi210 views
Kali LinuxKali Linux
Kali Linux
Jack Gidding4.9K views
Building A New Operating System - Subhajeet Mukherjee @ SfBayACMBuilding A New Operating System - Subhajeet Mukherjee @ SfBayACM
Building A New Operating System - Subhajeet Mukherjee @ SfBayACM
Subhajeet Mukherjee200 views
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Non-Invasive Elimination of Logical Access Control Vulnerabilities in Web A...
Denis Kolegov1.8K views
Ppt linuxPpt linux
Ppt linux
Gurpreet Kaur1.4K views
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Positive Hack Days806 views
Operating SystemOperating System
Operating System
ushabarad1429.6K views
Streamlined data sharing and analysis to accelerate cancer researchStreamlined data sharing and analysis to accelerate cancer research
Streamlined data sharing and analysis to accelerate cancer research
Ian Foster608 views
Hiding files.pptxHiding files.pptx
Hiding files.pptx
KashifHussain64775564 views
Progressive Provenance Capture Through Re-computationProgressive Provenance Capture Through Re-computation
Progressive Provenance Capture Through Re-computation
Paul Groth407 views
Oracle Database 12c Attack VectorsOracle Database 12c Attack Vectors
Oracle Database 12c Attack Vectors
Martin Toshev2.2K views
Introduction to MesosIntroduction to Mesos
Introduction to Mesos
koboltmarky655 views
Presentation v1 (1)Presentation v1 (1)
Presentation v1 (1)
koboltmarky199 views
Advertisement

Recently uploaded(20)

The scale-up, the autonomy and the nuclear submarineThe scale-up, the autonomy and the nuclear submarine
The scale-up, the autonomy and the nuclear submarine
Thomas Pierrain0 views
operator ppt.pptoperator ppt.ppt
operator ppt.ppt
MrSharadtechnical2 views
seminarppt (2).pptxseminarppt (2).pptx
seminarppt (2).pptx
VrushankChops13 views
DATA CENTERS.pdfDATA CENTERS.pdf
DATA CENTERS.pdf
CesarSanchez52315 views
Transforming Healthcare: The Role of CMMS in Hospital Facility Maintenance an...Transforming Healthcare: The Role of CMMS in Hospital Facility Maintenance an...
Transforming Healthcare: The Role of CMMS in Hospital Facility Maintenance an...
Srinivasan AT4 views
SE_RE-II-CH5 (3).pdfSE_RE-II-CH5 (3).pdf
SE_RE-II-CH5 (3).pdf
AZKANAAZ15 views
Are you ready for AI? Is AI ready for you?Are you ready for AI? Is AI ready for you?
Are you ready for AI? Is AI ready for you?
KonfHubTechConferenc124 views
Data Conversion.pptData Conversion.ppt
Data Conversion.ppt
Amit Sharma2 views
D&AA Lecture 2 insertion sort.pptD&AA Lecture 2 insertion sort.ppt
D&AA Lecture 2 insertion sort.ppt
HaniaKhan751 view
3 Common SEO Mistakes And How To Avoid Them 3 Common SEO Mistakes And How To Avoid Them 
3 Common SEO Mistakes And How To Avoid Them 
Flexsin 3 views
How to export EML files into Outlook PST formats?How to export EML files into Outlook PST formats?
How to export EML files into Outlook PST formats?
MailsDaddy7 views
harnessing_the_power_of_artificial_intelligence_for_software_development.pptxharnessing_the_power_of_artificial_intelligence_for_software_development.pptx
harnessing_the_power_of_artificial_intelligence_for_software_development.pptx
sarah david5 views
Hotel GDSHotel GDS
Hotel GDS
ChetnaPatil344 views
DETECTION OF QR CODE.pptx DETECTION OF QR CODE.pptx
DETECTION OF QR CODE.pptx
ELECTRONICSCOMMUNICA63 views
0x01 - Breaking into Linux VMs for Fun and Profit0x01 - Breaking into Linux VMs for Fun and Profit
0x01 - Breaking into Linux VMs for Fun and Profit
Russell Sanford18 views
Enterprise Messaging with RabbitMQ.pdfEnterprise Messaging with RabbitMQ.pdf
Enterprise Messaging with RabbitMQ.pdf
Ortus Solutions, Corp0 views
Formal Specification through ModelingFormal Specification through Modeling
Formal Specification through Modeling
Mohammed Assiri39 views
W1-Intro to python.pptxW1-Intro to python.pptx
W1-Intro to python.pptx
NaziaPerwaiz22 views
TDD - Seriously, try it! - OpensouthcodeTDD - Seriously, try it! - Opensouthcode
TDD - Seriously, try it! - Opensouthcode
Nacho Cougil13 views
Confluent Partner Tech Talk with SVAConfluent Partner Tech Talk with SVA
Confluent Partner Tech Talk with SVA
confluent61 views

An introduction to MAC RBAC and LSM

  1. Hardening Two June 13, 2016 Francesco Pira (fpira.com) An Introduction to MAC, RBAC and LSM The theory behind hardening tools
  2. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Before we start… • each system has its own security requirements • each system has different overriding security requirements • sometimes you need to combine multiple solutions • showed approaches are build into the system
  3. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Information Main security requirements Confidentiality Availability Integrity
  4. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Keywords • roles • subjects • objects • policy • policy defines behaviour of roles / subjects / objects as higher abstraction of users as abstraction of executables as abstraction of system resources as a set of rules (usually system-wide)
  5. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Available options • DAC, Discretionary Access Control • MAC, Mandatory Access Control • RBAC, Role-Based Access Control * DAC and MAC are mutually exclusive. RBAC can coexist with others.
  6. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Discretionary Access Control • focuses on availability • user in control • user can forward privileges • user can revoke permissions • can’t be used in hardening tools!
  7. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Mandatory Access Control • focuses on confidentiality • acts system-wide • by design: 1 trusted admin, no roles • controls access to objects • subjects can’t change the policy • neither users at lower level can do
  8. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Role-Based Access Control • focuses on integrity • needs authentication • each role access only data who is allowed to (default is deny) • not mandatory by design • can coexist with MAC if the hierarchy is a tree • policy tied to roles, roles tied to users • usually implemented via ACL
  9. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Hooking the kernel: LSM • a framework embedded in the Linux kernel • designed not to degrade system performance • hardening tools via modules • system resources have hooks • hooks -> pointers to module functions (low-level API, kind of) • table of (dummy) functions called security_ops • dummy functions replaced at boot time with (e.g.) SELinux ones
  10. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Hooking the kernel: LSM Resource request Sys call DAC check LSM hook complete request LSM module engine SELinux* kernel space user space * as an example
  11. Hardening Two June 13, 2016 Francesco Pira (fpira.com) LSM hooks • hooks are divided into categories • task hooks • program loading hooks • IPC hooks • filesystem hooks • network hooks • and more…
  12. Hardening Two June 13, 2016 Francesco Pira (fpira.com) Questions? Thank you!
Advertisement