integrating flexible support for security policies into
play

Integrating Flexible Support for Security Policies into the Linux - PowerPoint PPT Presentation

Jun 14, 2023 •340 likes •542 views

Integrating Flexible Support for Security Policies into the Linux Operating System http://www.nsa.gov/selinux Stephen D. Smalley sds@tycho.nsa.gov Information Assurance Research Group National Security Agency (Slight modifications by David

  1. Integrating Flexible Support for Security Policies into the Linux Operating System http://www.nsa.gov/selinux Stephen D. Smalley sds@tycho.nsa.gov Information Assurance Research Group National Security Agency (Slight modifications by David Martin for 91.562 in red)  Information Assurance Research Group � 1

  2. Outline • Motivation and Background • What SELinux Provides • SELinux Status and Adoption • Ongoing and Future Development  Information Assurance Research Group � 2

  3. Why Secure the Operating System? • Information attacks don’t require a corrupt user. • Applications can be circumvented. • Must process in the clear. • Network is too far. • Hardware is too close. • End system security requires a secure OS. • Secure end-to-end transactions requires secure end systems.  Information Assurance Research Group � 3

  4. Mandatory Access Control • MAC : mandatory access control – Beware confusion with Media Access Control, Message Authentication Code • A “missing link” of security in current operating systems. • Defined by three major properties: – Administratively-defined security policy. – Control over all subjects (processes) and objects. – Decisions based on all security-relevant information.  Information Assurance Research Group � 4

  5. Discretionary Access Control • Existing access control mechanism of current OSes. • Limited to user identity / ownership. • Vulnerable to malicious or flawed software. • Subject to every user's discretion (or whim). • Only distinguishes admin vs. non-admin for users. • Only supports coarse-grained privileges for programs. • Unbounded privilege escalation.  Information Assurance Research Group � 5

  6. What can MAC offer? • Strong separation of security domains • System, application, and data integrity • Ability to limit program privileges • Processing pipeline guarantees • Authorization limits for legitimate users  Information Assurance Research Group � 6

  7. MAC Implementation Issues • Must overcome limitations of traditional MAC – More than just Multi-Level Security / BLP (Bell- LaPadula) • MLS/BLP: Strict hierarchy of security labels Top Secret > Secret > Confidential > Unclassified • No reading from higher level, no writing to lower level • Policy flexibility required – One size does not fit all! • Maximize security transparency – Compatibility for applications and existing usage.  Information Assurance Research Group � 7

  8. Prior Research Prototypes • Distributed Trusted Mach (DTMach) – Outgrowth of TMach and LOCK OSes – Integrated flexible MAC framework into Mach OS • Distributed Trusted Operating System (DTOS) – Improved design and implementation in Mach – Studies of policies, composability, security, assurability • Flux Advanced Security Kernel (Flask) – Integrated DTOS security architecture into Flux OS – Added support for dynamic policies and revocation – Basis for SELinux  Information Assurance Research Group � 8

  9. Decision to move to Linux • Recognized need to move to a mainstream platform • Past strategies not producing desired results • National Security Council interest in Open Source • Technology transfer opportunities • Linux chosen as best alternative  Information Assurance Research Group � 9

  10. SELinux provides Flexible MAC • Flexible MAC integrated into Linux kernel • Application of the Flask security architecture • Integrated into major kernel subsystems • Provides object class and permission abstractions • Labels kernel objects with security contexts – Both in memory and on file system: processes, IPC mechanisms, and anything accessed through a file descriptor: files, devices, sockets, etc. • Enforces access decisions on kernel operations – Basically, every interesting system call is subject to MAC checks  Information Assurance Research Group � 10

  11. SELinux Policy Engine • Referred to as the “security server” due to origins. • Implements a combination of: – Role-Based Access Control – Type Enforcement – Multi-Level Security (optional) • Security Policy specified through a set of configuration files.  Information Assurance Research Group � 11

  12. Type Enforcement • Domains for processes, types for objects • Control access to objects (domain-to-type) • Control process interactions (domain-to-domain) • Control entry into domains • Bind domains to code (through types)  Information Assurance Research Group � 12

  13. Type Enforcement: Rules • Let sshd bind a TCP socket to the SSH port. – allow sshd_t ssh_port_t:tcp_socket name_bind; domain object : class permission to grant • Let sshd read the host private key file. – allow sshd_t sshd_key_t:file read; • Let sshd create its PID file. – allow sshd_t var_run_t:dir { search add_name }; – allow sshd_t sshd_var_run_t:file { create write }; – type_transition sshd_t var_run_t:file sshd_var_run_t; domain obj-to-create new-obj-type  Information Assurance Research Group � 13

  14. Role-Based Access Control • Roles for processes • Specifies domains that can be entered by each role • Specifies roles that are authorized for each user • Initial domain associated with each user role • Ease of management of RBAC with fine granularity of TE  Information Assurance Research Group � 14

  15. SELinux Status • Initial public release in Dec 2000, regular updates • Active public mailing list, >900 members • Motivated development of Linux Security Module (LSM) framework (2001) – LSM adopted into Linux 2.5 development series (2002) – Provides infrastructure for supporting SELinux • SELinux adopted into Linux 2.6 stable series (2003)  Information Assurance Research Group � 15

  16. SELinux Adoption • Integrated into Red Hat distributions – Fedora Core 3 or later – Red Hat Enterprise Linux 4 (supported product) • Integrated into Hardened Gentoo for servers • Partial support in Debian and SuSE – requires additional packages available separately • Foundation for NetTop • Basis for Trusted Computer Solution's Trusted Linux • Port exists for FreeBSD 5 (SEBSD)  Information Assurance Research Group � 16

  17. Ongoing Development • Enhanced MLS support (TCS, IBM) • Security-Enhanced X (originally NSA, now TCS) • Enhanced Audit subsystem (IBM, Red Hat) • IPSEC integration (IBM) • Enhanced application integration (Red Hat) • Policy tools / infrastructure (Tresys, MITRE, IBM) • Scalability and performance (NEC, Red Hat, IBM)  Information Assurance Research Group � 17

  18. Future Work • Integrate SELinux into other userspace object managers. • Modify other applications to better leverage SELinux. • Enhance policy tools and infrastructure. • Integrate with non-MAC policies (e.g. Crypto) • Enhance revocation support. • Develop flexible trusted path mechanism. • Develop NFSv4 support and upstream it.  Information Assurance Research Group � 18

  19. Questions? • Download code and documents from http:// www.nsa.gov/selinux • Mailing list: Send 'subscribe selinux' to majordomo@tycho.nsa.gov • Contact our team at: selinux-team@tycho.nsa.gov • Contact me at: sds@tycho.nsa.gov • SELinux for Distributions: http://selinux.sourceforge.net  Information Assurance Research Group � 19

Recommend

Food security and climate change Integrating a cross-cutting Integrating a cross-cutting issue

Food security and climate change Integrating a cross-cutting Integrating a cross-cutting issue

Food security and climate change Integrating a cross-cutting Integrating a cross-cutting issue into sector policies and their practical application Topics What is driving the food security crisis? How it is threatened further by

642 views • 36 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
Flexible Operation Integrating thermal power with Renewable Energy & Challenges Y M Babu 1

Flexible Operation Integrating thermal power with Renewable Energy & Challenges Y M Babu 1

Flexible Operation Integrating thermal power with Renewable Energy & Challenges Y M Babu 1 Technical Services, Noida Why Flexible Operation? Limitations with Renewable generation has called for flexible operation: Intermittent and

953 views • 29 slides
Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats

245 views • 3 slides
Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO security standards at campuses) p ) Brian OHora, BSc (Hons) & MBA Technology Management Information Systems Services, TCD TERENA E2E

325 views • 15 slides
Policies to support RWH and Climate Resilience for Food Security & Nutrition (FSN) Rainwater

Policies to support RWH and Climate Resilience for Food Security & Nutrition (FSN) Rainwater

Policies to support RWH and Climate Resilience for Food Security & Nutrition (FSN) Rainwater Harvesting Symposium 2015 1st June 2015 Addis Ababa, Ethiopia Presented by: Philip Osano I. Introduction The impacts of climate change will a ff

144 views • 12 slides
Flexible Containment for Executing Untrusted Code Darrell Hyatt Introduction Standard

Flexible Containment for Executing Untrusted Code Darrell Hyatt Introduction Standard

Flexible Containment for Executing Untrusted Code Darrell Hyatt Introduction Standard security model is insufficient for security- critical applications Result sandboxing (among other things) Tailoring of policies to programs

221 views • 11 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides
Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats Security policies Confidentiality Policies Policy The Bell-LaPadula Model Specification Integrity Policies The Biba

698 views • 49 slides
Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

419 views • 12 slides
DE-PBS/SCSS: SEL & SWPBIS Integration Module 1 AGENDA Rationale for Integrating/Aligning

DE-PBS/SCSS: SEL & SWPBIS Integration Module 1 AGENDA Rationale for Integrating/Aligning

INTEGRATING THE SWPBIS AND SEL APPROACHES R E S E AR C H AN D R E C O M M E N D E D S TR ATE GI E S Lead author: Dr. Sara Whitcomb (University of Massachusetts Amherst) Funding and support from: DE Positive Behavior Support Project School

157 views • 15 slides
Integrating biodiversity in poverty eradication policies Good practices in Development

Integrating biodiversity in poverty eradication policies Good practices in Development

Integrating biodiversity in poverty eradication policies Good practices in Development Cooperation context Arnold Jacques de Dixmude, European Commission EuropeAid's approach 1) Saving habitats, protected areas and productive landscapes,

466 views • 14 slides
Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language policies Example policies Implementation policies High level Low level -2 Reading Material Computer Security,

764 views • 40 slides
Integrating biodiversity in poverty eradication policies Good practices from Europe Arnold

Integrating biodiversity in poverty eradication policies Good practices from Europe Arnold

Integrating biodiversity in poverty eradication policies Good practices from Europe Arnold Jacques de Dixmude, European Commission Maria Schultz, , Stockholm Resilience Center Outline 1. Within Europe B&ES and livelihood of the

340 views • 17 slides
I TU EC HI PSSA Project Support for Harm onization of the I CT Policies in Sub-Sahara

I TU EC HI PSSA Project Support for Harm onization of the I CT Policies in Sub-Sahara

I TU EC HI PSSA Project Support for Harm onization of the I CT Policies in Sub-Sahara Africa, Sadc Harm oniseed Legal Cyber Security Fram ew ork For Southern Africa 2 nd Stakeholders W orkshop on National Transposition of SADC

483 views • 22 slides
Modelling the Effects of Integrating Key Tobacco Control Policies with Health Provider Advice on

Modelling the Effects of Integrating Key Tobacco Control Policies with Health Provider Advice on

Modelling the Effects of Integrating Key Tobacco Control Policies with Health Provider Advice on Quit Attempts Among South Africans Lekan Ayo-Yusuf , BDS, MPH, PhD Dept of Community Dentistry & School of Health Systems & Public Health

552 views • 5 slides
Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Updated (VO) Community Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 EGI security policies

319 views • 12 slides
Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian Roth , Timothy Barron, Stefano Calzavara, Nick Nikiforakis & Ben Stock Network and Distributed System Security Symposium (NDSS '20) Cross-Site

878 views • 31 slides
AeRO Australian eResearch Organisations IT User Support Project Integrating user support for

AeRO Australian eResearch Organisations IT User Support Project Integrating user support for

AeRO Australian eResearch Organisations IT User Support Project Integrating user support for eResearch services within institutions. Lessons learned from AeRO Stage 2 User Support Project Hamish Holewa Project Manager Loretta Davis

225 views • 22 slides
Integrating SELinux and Security-typed Languages Sandra Rueda - ruedarod@cse.psu.edu Boniface

Integrating SELinux and Security-typed Languages Sandra Rueda - ruedarod@cse.psu.edu Boniface

Integrating SELinux and Security-typed Languages Sandra Rueda - ruedarod@cse.psu.edu Boniface Hicks, Trent Jaeger, Patrick McDaniel Systems and Internet Infrastructure Security Lab Department of Computer Science and Engineering SIIS Lab -

492 views • 25 slides
Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
The The Beverly Beverly Middle Middle School School Flexible Flexible Learning Learning

The The Beverly Beverly Middle Middle School School Flexible Flexible Learning Learning

Transformative Learning Through Architecture The The Beverly Beverly Middle Middle School School Flexible Flexible Learning Learning Academy Academy FLEXIBLE Flexible Classroom Studios ACADEMY Flexible Configurations Flexible Support

499 views • 32 slides
More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by Khoo Yit Phang April 21, 2008 To Build Secure Systems... 1.What sort of security policies can and should w e demand of our system? 2.What mechanism

325 views • 15 slides
CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a

532 views • 41 slides

More recommend