securing linux
play

Securing Linux Hyungjoon Koo and Anke Li Fall 2014:: CSE 506:: - PowerPoint PPT Presentation

Mar 03, 2024 •1.08k likes •1.39k views

Fall 2014:: CSE 506:: Section 2 (PhD) Securing Linux Hyungjoon Koo and Anke Li Fall 2014:: CSE 506:: Section 2 (PhD) Outline Overview Background: necessity & brief history Core concepts LSM (Linux Security Module)

  1. Fall 2014:: CSE 506:: Section 2 (PhD) Securing Linux Hyungjoon Koo and Anke Li

  2. Fall 2014:: CSE 506:: Section 2 (PhD) Outline • Overview – Background: necessity & brief history – Core concepts • LSM (Linux Security Module) – Requirements – Design • SELinux – Key elements – Security context: identity (SID), role, type/domain • AppArmor – Key elements – Application policy profile • SELinux vs AppArmor

  3. Fall 2014:: CSE 506:: Section 2 (PhD) Why a new access control model • Limited traditional access control for Linux – Discretionary Access Control (DAC) • Provide only a coarse access control • 9 bits model ( rwx per owner, group and others) • Has setuid , setgid and sticky bit - not enough • Cases when a fine-grained access control needs – Does passwd require root access to printers? – Suppose I have a secret diary and the app to read it • Can I restrict my app from reading/writing a socket over network? – Alice might have multiple roles • Surfing the web, writing a report, and managing a firewall

  4. Fall 2014:: CSE 506:: Section 2 (PhD) Brief history • Increasing the demand for reference monitor in Linux – A mechanism to enforce access control – Originate from orange book from the NSA: too generic • Adopting LSM in Linux Kernel – Originally a set of kernel modules in 2.2, updated in 2.4 – LSM (Linux Security Module) Feature in 2.6 • SELinux developed by the NSA and released in 2001 • Default choice for Fedora/RedHat Linux • Lots of early works – Subdomain ( AppArmor ), Flask ( SELinux ), OpenWall , …

  5. Fall 2014:: CSE 506:: Section 2 (PhD) Reference monitor • A component that authorizes access requests at the RMI defined by individual hooks which invokes module to submit a query to the policy store From Operating System Security (Fig 2.3)

  6. Fall 2014:: CSE 506:: Section 2 (PhD) Core concepts • Idea: Define policies to decide if applications/users have the privilege to proceed a given operation – MAC: Mandatory access control – Least Privileges • Broadly covered security policy – To all subjects, all objects and all operations – As everything in Linux is represented as a FILE • files, directories, devices, sockets, ports, pipes, and IPCs

  7. Fall 2014:: CSE 506:: Section 2 (PhD) Linux Security Module (LSM) • Implementation of a reference monitor • Requirements – Modularized security – Loadable modules – Centralized MAC – LSM API

  8. Fall 2014:: CSE 506:: Section 2 (PhD) LSM design • Definition – How to invoke permission check? • By calling the initiated function pointers in security_ops • Aka LSM hooks – One hook is shown below: static inline int security_inode_create (struct inode *dir, struct dentry *dentry, int mode) { if (unlikely (IS_PRIVATE (dir))) return 0; return security_ops->inode_create (dir, dentry, mode); } • Placement • Implementation

  9. Fall 2014:: CSE 506:: Section 2 (PhD) LSM design - hooking • Simple diagram of hooking Process 1 Process 2 … Process N int 0x80 User Space Kernel Space System Call Handler LSM System call Func ptr Hook to LSM lsm_open() open() 0xffffaaaa lsm_open(), 0xffffbbbb read() 0xffffaaba lsm_read(), 0xffffbbcb lsm_read() write() 0xffffaaca lsm_write(), 0xffffbbdb lsm_write() getdents() 0xffffaada lsm_getdents(), 0xffffbbeb lsm_getdents() … … …

  10. Fall 2014:: CSE 506:: Section 2 (PhD) LSM design • Definition • Placement – Where to place those hooks? • Entry of system call (not all of them) • Determined by source code analysis – Inline function • E.g., security_inode_create • Implementation

  11. Fall 2014:: CSE 506:: Section 2 (PhD) LSM design – hooking example • open () hook process – Process syscall in user • file path • operation – Invoke syscall in kernel – Lookup inode – Check DAC – Hook & check MAC – Grant access From Operating System Security (Fig 9.2)

  12. Fall 2014:: CSE 506:: Section 2 (PhD) LSM design • Definition • Placement • Implementation – Where to find the function which hooks point to? – SELinux, AppArmor, LIDS, etc. – Does placement need to change in different LSMs? • Theoretically yes • Practically, the placement of hooks is stabilized

  13. Fall 2014:: CSE 506:: Section 2 (PhD) SELinux at a glance • Security Policies – Centralized store for access control – Can be modified by the SELinux system administrator – Determined by security contexts (=user, role, type) – Specification of permissions – Labeled with information for each file • Based on TE (Type Enforcement) and RBAC model • Operations to objects for subjects – append, create, rename, rwx, (un)link, (un)lock, … • Object classes – file, IPC, network, object, …

  14. Fall 2014:: CSE 506:: Section 2 (PhD) Some valid questions • How can SELinux internally incorporate with DAC? – DAC then MAC • Who writes the policy? – Admin • Isn't it hard to write a policy? – Indeed, and complicated (for SELinux ) • What happens if there is wrong policy? – Hell API names are admittedly confusing

  15. Fall 2014:: CSE 506:: Section 2 (PhD) Security context • Consist of three security attributes – User identity (SID, Security identifier) • SELinux user account associated with a subject or object • Different from traditional UNIX account (i.e /etc/passwd ) – Type or domain – Role (RBAC)

  16. Fall 2014:: CSE 506:: Section 2 (PhD) Security context • Consist of three security attributes – User identity (SID, Security identifier) – Type or domain • Postfix _t (i.e user_t, passwd_t, shadow_t , … ) • Divide subjects and objects into related groups • Typically type is assigned to an object, and domain to a process • Primary attribute to make fine-grained authorization decisions – Role (RBAC)

  17. Fall 2014:: CSE 506:: Section 2 (PhD) Security context • Consist of three security attributes – User identity (SID, Security identifier) – Type or domain – Role (RBAC) • Postfix _r (i.e sysadm_r, user_r, object_r , … ) • User might have multiple roles • Associate the role with domains (types) that it can access • Not assign permissions directly • Limits a set of permission ahead of time • If role is not authorized to enter a domain then denied

  18. Fall 2014:: CSE 506:: Section 2 (PhD) Security context example • Putting all together – Alice wants to change her password • SID alice with the user role, user_r • Role permitted to run typical user processes • Any process with user_t to execute the passwd_exec_t label role user_r types {user_t user_firefox_t} <perm> <sub_type> <obj_type>:<obj_class> <op_set> Allow user_t passwd_exec_t:file execute Allow passwd_t shadow_t:file {read write} <file_path_expr> <obj_context> /usr/bin/passwd system_u:object_r:passwd_exec_t /etc/shadow.* system_u:object_r:shadow_t

  19. Fall 2014:: CSE 506:: Section 2 (PhD) Decision making with policy • Access decision – Based on security context – allow, auditallow, dontaudit, and neverallow • Q: how can we decide policy for a temporary object? – temp processes (i.e fork) and files • A: transition decision – Process creation: domain transmission – File creation: type transmission (labelling) type_transition <curr_type> <exe_file_type>:process <res_type> type_transition user_t passwd_exec_t:process passwd_t

  20. Fall 2014:: CSE 506:: Section 2 (PhD) Transition decision examples • Process creation • File creation – Domain decision – Type decision From SELinux Ch2

  21. Fall 2014:: CSE 506:: Section 2 (PhD) Implementation • Policy sources – .te files (type enforcement) • Define rules and macros( m4 ) & assign permissions – . fc files (file context) • Define file contexts, supporting regular expression – RBAC files – User declarations • Makefile (target: policy, install, …) • Policy compiler – Merge all policies to policy.conf – Generate policy binary, centralized policy storage

  22. Fall 2014:: CSE 506:: Section 2 (PhD) AppArmor at a glance • Another mainstream of LSM implementation • Much simpler framework than SELinux – Targeted policy – An “application security system” – Pathname based – Work in two modes: • enforce mode and complain mode – One policy file per application • Used by some popular Linux distributions – Ubuntu, openSUSE, etc.

  23. Fall 2014:: CSE 506:: Section 2 (PhD) How AppArmor works? • Designed to be a complement to DAC – Can’t provide complete access control • Born to be targeted policy – unconfined_t in SELinux • Application based access control – One policy file per application – Protect system against applications • File + POSIX capabilities

  24. Fall 2014:: CSE 506:: Section 2 (PhD) AppArmor profile • Capability rules: capability setuid, capability dac_override, • Network rules: network (read, write) inet, deny network bind inet, • File rules: /path/to/file rw, /dir/** r,

  25. Fall 2014:: CSE 506:: Section 2 (PhD) SELinux vs AppArmor • Whole system vs. only a set of applications • Types & domains vs. defining permission directly • Strict MAC implementation vs. Partially implement • Extended attributes vs. pathname • Difficulty to configure – SELinux needs 4x bigger conf. file than AppArmor • Overhead? – 7% vs. 2%

  26. Fall 2014:: CSE 506:: Section 2 (PhD) Conclusion • SELinux and AppArmor can both greatly enhance OS security. • Choice depends on what you need.

Recommend

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

559 views • 18 slides
Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878

Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878

Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878 DePaul University Chicago, IL 60604 NWU Security Day John Kristoff - DePaul University 1 Starting comments A mish-mash of

678 views • 32 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Wireless LAN Setup &amp; Optimizing Wireless Client in Linux Hacking and Cracking Wireless

Wireless LAN Setup &amp; Optimizing Wireless Client in Linux Hacking and Cracking Wireless

Wireless LAN Setup &amp; Optimizing Wireless Client in Linux Hacking and Cracking Wireless LAN Setup Host Based AP ( hostap ) in Linux &amp; freeBSD Securing &amp; Managing Wireless LAN : Implementing 802.1x EAP-TLS PEAP-MSCHAPv2

278 views • 14 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Wireless LAN Security Setup &amp; Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup &amp; Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup &amp; Optimizing Wireless Client in Linux Hacking and Cracking Wireless LAN Setup Host Based AP ( hostap ) in Linux &amp; freeBSD Securing &amp; Managing Wireless LAN : Implementing 802.1x EAP-TLS

417 views • 29 slides
Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range of systems ! CC BY-SA 2.0 FHKE, Flickr 2 Whats the difference between Linux on a big thing and Linux on a little thing? ! 3 ! Whats the

900 views • 52 slides
Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

High Performance Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the supercomputers today run Linux. All of the computational clusters in corporations that I know of run Linux. Support for

419 views • 12 slides
Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux Distributions Linux vs Windows Linux Architecture Linux Security 2 What is Linux? Similar Operating System To Microsoft Windows, Sun

1.11k views • 55 slides
Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

The State of Desktop Linux: Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig www.mylinuxrig.com @steven_ovadia *** Associate Professor/Web Services Librarian LaGuardia Community College About My Linux

458 views • 27 slides
Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux History Linux Architecture Logging in to Linux Command Format Linux Filesystem Directory and File Commands Wildcard Characters

686 views • 19 slides
Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux

Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux

Linux, whats that? The pieces of a Linux system Linux Concepts Distributions Desktop environments Switching to Linux Epilogue Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux system Linux

767 views • 57 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Linux You Can Drive My Car Embedded Linux Conference

Linux You Can Drive My Car Embedded Linux Conference

Linux You Can Drive My Car Embedded Linux Conference 2017 Walt Miner ( @VStarWalt ) Community Manager, AGL , The Linux FoundaGon

721 views • 55 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
Linux For Beginners April 26, 2016 Dualboot Linux and Windows Dualboot Linux and Windows

Linux For Beginners April 26, 2016 Dualboot Linux and Windows Dualboot Linux and Windows

Linux For Beginners April 26, 2016 Dualboot Linux and Windows Dualboot Linux and Windows Reinstall usually keeps personal files Advantages of Linux More secure Package manager Software installation is easy, fast and secure Keeps

528 views • 15 slides
Linux Kung Fu Stephen James UBNetDef, Spring 2017 Introduction What is Linux? What is the

Linux Kung Fu Stephen James UBNetDef, Spring 2017 Introduction What is Linux? What is the

Linux Kung Fu Stephen James UBNetDef, Spring 2017 Introduction What is Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system

607 views • 48 slides
AOS Linux Tutorial Introduction to Linux Michael Havas Dept. of Atmospheric and Oceanic Sciences

AOS Linux Tutorial Introduction to Linux Michael Havas Dept. of Atmospheric and Oceanic Sciences

AOS Linux Tutorial Introduction to Linux Michael Havas Dept. of Atmospheric and Oceanic Sciences McGill University September 15, 2011 Outline 1 Introduction to Linux Benefits of Linux What Exactly is Linux? The Free-Software Philosophy 2

898 views • 69 slides
The State of the Linux Desktop An OSDL Perspective John Cherry OSDL Desktop Linux (DTL)

The State of the Linux Desktop An OSDL Perspective John Cherry OSDL Desktop Linux (DTL)

The State of the Linux Desktop An OSDL Perspective John Cherry OSDL Desktop Linux (DTL) September 23, 2006 1 2 The State of the Linux Desktop Riding the Open Software Wave The Linux Desktop Markets Linux Desktop Market Data The Linux

543 views • 40 slides
Linux Basics 2 Pre-Lab Everyone installed Linux on their

Linux Basics 2 Pre-Lab Everyone installed Linux on their

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Linux Basics 2 Pre-Lab Everyone installed Linux on

617 views • 25 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides

More recommend