mandatory access control for carrier grade linux clusters
play

Mandatory Access Control for Carrier-Grade Linux Clusters (as part - PowerPoint PPT Presentation

Sep 08, 2023 •413 likes •841 views

Mandatory Access Control for Carrier-Grade Linux Clusters (as part of the DSI project) Miroslaw.Zakrzewski@Ericsson.ca Ericsson Research Canada Open System Lab Montral Canada http://www.risq.ericsson.ca Rev PA1 2002-05-22 1 Ericsson

  1. Mandatory Access Control for Carrier-Grade Linux Clusters (as part of the DSI project) Miroslaw.Zakrzewski@Ericsson.ca Ericsson Research Canada Open System Lab Montréal – Canada http://www.risq.ericsson.ca Rev PA1 2002-05-22 1 Ericsson Canada

  2. The purpose of the presentation is to explain about ongoing implementation of a Distributed Security Module that provides Mandatory Access Control within a Linux Cluster. Rev PA1 2002-05-22 2 Ericsson Canada

  3. Outline • Introduction • DSI Characteristics • Access Control - General Architecture • Distributed Security Module • Security Distribution in DSM • Demo Architecture (Local and Remote Access) • Challenges Rev PA1 2002-05-22 3 Ericsson Canada

  4. Introduction (1/5) Subject Access Request Access Control Decision = function(Subject,Resource) Resource Rev PA1 2002-05-22 4 Ericsson Canada

  5. Introduction (2/5) • Discretionary Access Control – Ordinary users involved in the security policy definition – Access decisions based on user identity and ownership – Two category of users : – completely trusted administrators (root) – Completely untrusted ordinary user Rev PA1 2002-05-22 5 Ericsson Canada

  6. Introduction (3/5) • Mandatory Access Control – policy definition and assignment of security attributes is controlled by a system security administrator – access decisions are based on labels that contain a variety of security-relevant information (every subject and object in the system is labelled) Rev PA1 2002-05-22 6 Ericsson Canada

  7. Introduction (4/5) • Cluster: A collection of interconnected stand-alone computers working together to solve a problem as a single computing entity Rev PA1 2002-05-22 7 Ericsson Canada

  8. Introduction (5/5) • Access Control and Clusters S CLUSTER Node S R R R Rev PA1 2002-05-22 8 Ericsson Canada

  9. Cluster Access Types • Cluster Local Access – subject and resource on the same node inside the cluster • Cluster Remote Access – subject and resource on different nodes inside the cluster • Cluster Outside Access – subject inside cluster, resource outside cluster – subject outside cluster, resource inside cluster • No Cluster Access – both subject and resource outside cluster Rev PA1 2002-05-22 9 Ericsson Canada

  10. DSI Characteristics (please see paper on DSI) • Process Level Approach – Controlling Single Process • Pre-emptive Security – Run-time changes of security attributes – Security can be modified without stopping the system • Minimal Impact – Performance – Transparency • Distributed – Clusters Rev PA1 2002-05-22 10 Ericsson Canada

  11. Access Control – General Architecture (1/2) SnIDx Security Server SnID1 SnID2 Subject 2 Subject 1 (Process) (Process) SID SID SnID, SID Resource Resource (Comm.) (Comm.) Resource SID (File) SID SID Rev PA1 2002-05-22 11 Ericsson Canada

  12. Access Control – General Architecture (2/2) User Mode SM Access Process DSP Legend: Security Policy Control SM Security Manager DSP Distributed Security Policy LSM Linux Security Module DIR DSP Internal Representation Kernel Mode System Calls Interface DSIlsmACS.o DIR (LSM) Rev PA1 2002-05-22 12 Ericsson Canada

  13. Distributed Security Module • DSM is implemented in Kernel Space. – Performance – Transparency • DSM uses LSM Framework. (please see paper on LSM) – Pre-emptive security – Process Level Approach • DSM uses IP Options. – Distribution Rev PA1 2002-05-22 13 Ericsson Canada

  14. Linux Security Module Framework (LSM) (Used by Distributed Security Module) • Patch to Linux Kernel by WireX (based on NSA prototype) • Security Hooks - points the kernel to allow the control of nearly every system operation – 140 hooks – 29 classes • Flexible: – Easy to add user defined security implementations • Function pointers in terms of programming Rev PA1 2002-05-22 14 Ericsson Canada

  15. LSM Installation for Kernel 2.4.17 http://lsm.immunix.org get lsm-full-2002_01_15 patch for kernel 2.4.17 gunzip lsm-full-2002_01_15-2.4.17.patch.gz cd /usr/src/linux patch –p1 < /home/lmcmzak/lsm-full-2002_01_15-2.4.17.patch rebuild the kernel Rev PA1 2002-05-22 15 Ericsson Canada

  16. LSM Framework • New Code <linux/security> <include/linux/security.h> • New Global struct security_operations *security_ops; /* pointer to all security operation in the kernel */ struct security_operations dummy_security_ops; /* set of dummy functions */ Rev PA1 2002-05-22 16 Ericsson Canada

  17. LSM Framework • Function to Register and UnRegister Security Operation to the Kernel int register_security (struct security_operations *ops); int unregister_security (struct security_operations *ops); Rev PA1 2002-05-22 17 Ericsson Canada

  18. Linux Access Control User Mode Subject (Process) System Call Kernel Mode System Calls Interface Object (File) Rev PA1 2002-05-22 18 Ericsson Canada

  19. Linux Access Control and LSM Framework User Mode Subject (Process) System Call Kernel Mode System Calls Interface Function Call Object Dummy Module (File) Rev PA1 2002-05-22 19 Ericsson Canada

  20. Linux Access Control and DSM User Mode Subject (Process) SSec System Call Kernel Mode System Calls Interface Function Call Distributed Security Module Object (File) A = f(SSec,TSec,Class) TSec Rev PA1 2002-05-22 20 Ericsson Canada

  21. Labels in DSM – Objects attached to Linux structures – Example : task label (object attached to task structure struct task_struct <linux/sched.h>) struct task_struct { . void *security; . } Rev PA1 2002-05-22 21 Ericsson Canada

  22. Task Security Label Format in DSM typedef struct { int sid; ... ... void *task; } task_security_t; Rev PA1 2002-05-22 22 Ericsson Canada

  23. Task Label in relation to task structure in DSM Kernel Stack 8 Kb block task_security_t task Struct Task_Struct security Rev PA1 2002-05-22 23 Ericsson Canada

  24. Task Label Attachment in DSM • All running tasks are labelled when the security module is loaded ( sid is set to default value ) • After the security module is loaded the tasks are labelled using security hooks (two step process) : – Fork : sid of parent – Exec : sid can be modified based on the sid stored in the image (SID is embedded in the ELF format) Rev PA1 2002-05-22 24 Ericsson Canada

  25. Security System Calls in DSM • Set Node ID • Change Task SID • Set Policy • Check Alarms Rev PA1 2002-05-22 25 Ericsson Canada

  26. Security Distribution • Security Information transfer – IP level (first) – IP header modification – Kernel hooks for IP traffic handling – Security information (SID, SnID) transfer as an option in IP header – Implementation based on Selopt implementation for SELinux by James Morris • IP Options – Commercial Internet Protocol Security Option (CIPSO) – Federal Information Processing Standard (FIPS) - 188 Rev PA1 2002-05-22 26 Ericsson Canada

  27. Security Distribution • Network Labels – Labels used when performing remote access (subject and resource on different nodes) – Security Node ID (SnID) and Security ID (SID) of the subject are added to the IP message – On the receiving side these two information are extracted and used to build the network security ID (NSID) NSID = Function ( SnID, SID) – NSID is used as a local label for access control decisions Rev PA1 2002-05-22 27 Ericsson Canada

  28. Security Distribution • Network Buffer Label – Socket Buffer (<linux/skbuff.h>) – object to contain network packets in kernel struct sk_buff { . void *lsm_security; . } Rev PA1 2002-05-22 28 Ericsson Canada

  29. Network Labels • sk_buff Security Label Format typedef struct { int sid; . . . struct sk_buff *sk_buff; } sk_buff_security_t; Rev PA1 2002-05-22 29 Ericsson Canada

  30. Network Labels • sk_buff Security Label Attachment (sending side) – Security ID of sk_buff is taken from Security ID of the sending socket – Security Node ID is set up by the security server and is global in LSM module Rev PA1 2002-05-22 30 Ericsson Canada

  31. Network Labels • Security Information in Network Message – Message is modified on IP layer (adding options) – Security Node ID is taken from LSM module and attached to the message – Security ID is taken from sk_buff Security Label and attached to the message Rev PA1 2002-05-22 31 Ericsson Canada

  32. Network Labels • sk_buff Security Label Attachment (receiving side) – Extracting Security Node Id (SnID) and Security ID (SID) from the incoming message – Converting SnID and SID pair to Network Security ID (NID) based on the conversion table : NID = Fun(SnID,SID) – NID will be treated as a local label (local access control) Rev PA1 2002-05-22 32 Ericsson Canada

  33. Demo Architecture SnID2 SnID1 Shell Shell Server Client (HTTP Server) (HTTP Client) Resource Resource (Socket) (Socket) Resource Resource (Device) (Device) Hardware Hardware Rev PA1 2002-05-22 33 Ericsson Canada

Recommend

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Outline Multilevel and mandatory access control CSci 5271 Capability-based access control

Outline Multilevel and mandatory access control CSci 5271 Capability-based access control

Outline Multilevel and mandatory access control CSci 5271 Capability-based access control Introduction to Computer Security Announcements intermission Day 11: OS security: higher assurance Stephen McCamant OS trust and assurance University

303 views • 9 slides
Outline Multilevel and mandatory access control CSci 5271 Introduction to Computer Security

Outline Multilevel and mandatory access control CSci 5271 Introduction to Computer Security

Outline Multilevel and mandatory access control CSci 5271 Introduction to Computer Security Announcements intermission Day 10: OS security: access control Stephen McCamant Capability-based access control University of Minnesota, Computer

245 views • 5 slides
Outline Multilevel and mandatory access control CSci 5271 Introduction to Computer Security

Outline Multilevel and mandatory access control CSci 5271 Introduction to Computer Security

Outline Multilevel and mandatory access control CSci 5271 Introduction to Computer Security Announcements intermission Day 10: OS security: access control Stephen McCamant Capability-based access control University of Minnesota, Computer

486 views • 7 slides
Mandatory Access Control in Linux CMPSC 443 - Spring 2012 Introduction Computer and Network

Mandatory Access Control in Linux CMPSC 443 - Spring 2012 Introduction Computer and Network

Mandatory Access Control in Linux CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

231 views • 20 slides
Mandatory Access Control Mandatory Access Control 1 DAC DAC and Trojan Horse d T j H Brown:

Mandatory Access Control Mandatory Access Control 1 DAC DAC and Trojan Horse d T j H Brown:

Mandatory Access Control Mandatory Access Control 1 DAC DAC and Trojan Horse d T j H Brown: read, write Employee Brown Read Employee Black Brown: read write Black, Brown: read, write REJECTED! Blacks Employee Black is not allowed

565 views • 38 slides
D e f i n i t i o n o f S E L i n u x 80:20:DE:AD:BE:EF 80:20:DE:AD:BE:EF

D e f i n i t i o n o f S E L i n u x 80:20:DE:AD:BE:EF 80:20:DE:AD:BE:EF

D e f i n i t i o n o f S E L i n u x 80:20:DE:AD:BE:EF 80:20:DE:AD:BE:EF Mandatory Access Control ... refers to a type of access control by which the operating system constrains the ability of a subject or initiator to

599 views • 47 slides
Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer Security Announcements intermission Day 10: OS security: access control Multilevel and mandatory access control Stephen McCamant University of

324 views • 10 slides
Building a Remote Control Robot with Automotive Grade Linux Leon Anavi Konsulko Group

Building a Remote Control Robot with Automotive Grade Linux Leon Anavi Konsulko Group

Building a Remote Control Robot with Automotive Grade Linux Leon Anavi Konsulko Group leon.anavi@konsulko.com Embedded Linux Conference Europe 2017 23-25 October, Prague, Czech Republic Agenda Overview of AGL Selecting hardware

622 views • 30 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Power Your Car with Automo0ve Grade Linux Automo&amp;ve Linux

Power Your Car with Automo0ve Grade Linux Automo&amp;ve Linux

Power Your Car with Automo0ve Grade Linux Automo&amp;ve Linux Summit 2017 Walt Miner ( @VStarWalt ) Community Manager, AGL , The Linux

594 views • 37 slides
Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System Evaluation Criteria (TCSEC) Background MAC Mandatory Access Control Firm security levels DAC Discretionary Access Control Access

240 views • 6 slides
Access Control Lists in Linux &amp; Windows Vasudevan Nagendra &amp; Yaohui Chen Fall 2014:: CSE

Access Control Lists in Linux &amp; Windows Vasudevan Nagendra &amp; Yaohui Chen Fall 2014:: CSE

Fall 2014:: CSE 506:: Section 2 (PhD) Access Control Lists in Linux &amp; Windows Vasudevan Nagendra &amp; Yaohui Chen Fall 2014:: CSE 506:: Section 2 (PhD) Categorization: Access Control Mechanisms Discretionary Access Control (DAC): Owner

1k views • 33 slides
Outline OS security: authentication, contd Basics of access control CSci 5271 Introduction

Outline OS security: authentication, contd Basics of access control CSci 5271 Introduction

Outline OS security: authentication, contd Basics of access control CSci 5271 Introduction to Computer Security Announcements intermission OS security: access control Unix-style access control Stephen McCamant Multilevel and mandatory

656 views • 9 slides
DAC and Trojan Horse Brown: read, write Employee Mandatory Access Control Brown B Read

DAC and Trojan Horse Brown: read, write Employee Mandatory Access Control Brown B Read

DAC and Trojan Horse Brown: read, write Employee Mandatory Access Control Brown B Read Employee R d E l Black, Brown: read, write REJECTED! Blacks Employee Black is not allowed To access Employee Black 1 2 Mandatory Access

433 views • 6 slides
Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

High Performance Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the supercomputers today run Linux. All of the computational clusters in corporations that I know of run Linux. Support for

419 views • 12 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
I. Clusters bajo Linux Isabel Campos Plasencia Responsable de Proyectos de Computacin 28, 29

I. Clusters bajo Linux Isabel Campos Plasencia Responsable de Proyectos de Computacin 28, 29

INSTITUTO DE BIOCOMPUTACIN Y FSICA DE SISTEMAS COMPLEJOS CURSO CLUSTERS &amp; GRID COMPUTING EN ENTORNOS DE SOFTWARE LIBRE I. Clusters bajo Linux Isabel Campos Plasencia Responsable de Proyectos de Computacin 28, 29 y 30 de Noviembre

663 views • 38 slides
detected by sender! Listen for carrier sense before transmitting Collision: What you

detected by sender! Listen for carrier sense before transmitting Collision: What you

Medium Access Control IEEE 802.11, Token Rings Wireless channel is a shared medium Need access control mechanism to avoid interference Why not CSMA/CD? 9/15/06 CS/ECE 438 - UIUC, Fall 2006 1 9/15/06 CS/ECE 438 - UIUC, Fall 2006 2

364 views • 8 slides
Replacing CONFIG_VT/linux-console David Herrmann FOSDEM 2013 What is CONFIG_VT? access control

Replacing CONFIG_VT/linux-console David Herrmann FOSDEM 2013 What is CONFIG_VT? access control

Replacing CONFIG_VT/linux-console David Herrmann FOSDEM 2013 What is CONFIG_VT? access control to graphics/input devices VT102 terminal emulator VGACON + FBCON What is it used-for? session dispatcher lightweight UI with little hardware

592 views • 21 slides
Chris Price OPNFV TSC Chairperson 4/5/16 OPNFV is a carrier-grade, OPNFV is a

Chris Price OPNFV TSC Chairperson 4/5/16 OPNFV is a carrier-grade, OPNFV is a

Chris Price OPNFV TSC Chairperson 4/5/16 OPNFV is a carrier-grade, OPNFV is a carrier-grade, integrated, open source integrated, open source platform to accelerate the platform to introduction of new NFV products and services. ETSI

274 views • 9 slides
Design and Implementa/on of a Carrier Grade So6ware Defined

Design and Implementa/on of a Carrier Grade So6ware Defined

1ST IEEE / IFIP Interna/onal Workshop on SDN Management and Orchestra/on Design and Implementa/on of a Carrier Grade So6ware Defined Telecommunica/on

604 views • 21 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files &amp; processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides

More recommend