selinux protected paths revisited
play

SELinux Protected Paths Revisited Trent Jaeger Department of - PowerPoint PPT Presentation

Feb 24, 2024 •376 likes •629 views

SELinux Protected Paths Revisited Trent Jaeger Department of Computer Science and Engineering Pennsylvania State University March 1, 2006 Department of Computer Science & Engineering 1 Talk Topics Mechanism for MAC enforcement between

  1. SELinux Protected Paths Revisited Trent Jaeger Department of Computer Science and Engineering Pennsylvania State University March 1, 2006 Department of Computer Science & Engineering 1

  2. Talk Topics  Mechanism for MAC enforcement between 2 machines  Labeled IPsec  Protected Paths  Are we ready?  Distributed System MAC  What else do we need?  Claims  Distributed enforcement: distributed, shared monitor  Trust in that enforcement: trust representation  Simplicity and scalability: can virtual machines help? Department of Computer Science & Engineering 2

  3. Mandatory Access Control Appl Appl Appl SELinux MAC Linux Kernel Policy Module Department of Computer Science & Engineering 3

  4. Mandatory Access Control Appl Appl Appl SELinux MAC X File Policy Module Linux Kernel Department of Computer Science & Engineering 4

  5. Network MAC System System X Appl Appl Appl Appl Appl Appl Linux Kernel SELinux MAC Linux Kernel SELinux MAC Module Policy Module Policy Department of Computer Science & Engineering 5

  6. Client-Server MAC Server Client Worker Appl Appl Appl Appl Appl Server Linux Kernel SELinux MAC Linux Kernel SELinux MAC Module Policy Module Policy Department of Computer Science & Engineering 6

  7. Location-independent MAC Base System Remote System Appl Appl New Appl Appl Master Create Linux Kernel SELinux MAC Linux Kernel SELinux MAC Module Policy Module Policy Department of Computer Science & Engineering 7

  8. Labeled IPsec Leverage IPsec Advantages  Secure communication  Easy to integrate to kernel MAC  Add MAC Labeling to IPsec  Control application access to IPsec “channels”  Can only send/receive with MAC permission  Results  Application to application control is possible  BLP controls between applications on different machines  Applications can use labeling information   Label child processes Part of Linux 2.6.16-rc* kernel  Will be in 2.6.16 kernel  Department of Computer Science & Engineering 8

  9. Client-Server Usage System System Worker Appl Appl Appl Appl Appl Appl Access Access OS Kernel MAC OS Kernel MAC Control Control Policy Policy Module Module (1) Black must be able to access green policy (among others) (2) Black can extract label of SA for socket (3) Prototyped using getsockopt(…, SO_PEERSEC) Department of Computer Science & Engineering 9

  10. Get Peer Label  TCP  Is a socket connected? (TCP_ESTABLISHED)  getsockopt(.. SO_PEERSEC ..)  dst_entry cache of socket (labeled SA)  UDP  Connectionless  Set IP_PASSSEC socket option  recvmsg now returns context as well  For UNIX stream, dgram (soon) and INET stream, dgram  Work by Catherine Zhang at IBM Research Department of Computer Science & Engineering 10

  11. Use Labels in Client Control  Network Services  vsftpd, xinetd  Get label using TCP method  Configuration  Get xinetd to use labels based on configuration  Storage Security  Proxy-based  Server proxy limits access based on client label  Server is trusted  Client proxy connects based on client label  Client proxy processes need not be trusted Department of Computer Science & Engineering 11

  12. Distributed MAC Goal  Protected Paths  From “Inevitability of Failure”  Direct, Authenticated Communication  Integrity-preserved from input to output  Get peer’s label reliably  Comparable to  Authenticated IPC  UNIX domain sockets  Where are we relative to achieving protected paths for real?  Are protected paths enough? Department of Computer Science & Engineering 12

  13. Protected Paths Operating Systems Operating Systems Window Manager Window Manager Application Application Xserver Xserver Network Department of Computer Science & Engineering 13

  14. Protected Paths Operating Systems Operating Systems Window Manager Window Manager Application Application Xserver Xserver Network MAC Label Department of Computer Science & Engineering 14

  15. Protected Paths Operating Systems Operating Systems Window Manager Window Manager Application Application Xserver Xserver Network Attest MAC Label User Department of Computer Science & Engineering 15

  16. Protected Path Challenges  User-to-Application  Xserver Control  Window Manager Control  Application-to-OS  Labeled IPsec  Application Control Using Label  OS-to-OS  Reference Monitoring  MAC Policy, Labeling  Remote Attestation, Building Trust from Secure Hardware Department of Computer Science & Engineering 16

  17. Existing Solutions  Distributed Policy Management  E.g., Tivoli Access Manager, Microsoft Windows Domains  Virtual Machine Systems  NetTop  Terra  Logic of Authentication  Taos and Secure Boot  Trust Management Systems  E.g., PolicyMaker, KeyNote, etc.  Trust Negotiation Department of Computer Science & Engineering 17

  18. Secure Coalition System  Recent IBM Technical Report -- RC23865  Work with J. McCune at CMU; S. Berger, R. Caceres, R. Sailer at IBM Research Department of Computer Science & Engineering 18

  19. Distributed, Shared Monitor  Distributed, Shared Reference Monitor  TPM attestation of each physical machine’s reference monitor  Common enforcement properties: monitoring, MAC policy Department of Computer Science & Engineering 19

  20. Virtual Machines  Advantages  Coarser-grained protections  Coarser-grained policy  Simpler reference monitor  VM per application (simplify policy within VM)  Challenges  Dynamic policy (Yin and Wang, USENIX 2005)  Doesn’t fix user-to-user (Nitpicker’s, ACSAC 2005)  Translate into client-specific rights (finer-grained)  Scalable construction, maintenance of trust Department of Computer Science & Engineering 20

  21. Building Trust  Build Trust in Other System’s Reference Monitoring  And MAC Policy  And Labeling of Subjects and Objects  Why is this necessary?  Internet-scale  Register TPM and physical protection, but a different admin  Administration errors  Misconfiguration of a machine  Malice  Compromised platform  Build trust from secure hardware up Department of Computer Science & Engineering 21

  22. Internet-Scale Distributed Systems  Simple Langauge of Trust  Limited by Reference Monitoring Properties  Monotonic Reasoning  Multiple Layers of Reasoning  Machine  Virtual Machine  Coalition  Building Systems to Test Soundness/Completeness  Web Hosting  Internet Suspend/Resume  Distributed Computations -- Student Testing Department of Computer Science & Engineering 22

  23. Summary  Aim: Network MAC to Distributed System MAC  Have IPsec MAC controls  What is an appropriate goal for distributed system MAC  Protected Paths plus Remote Attestation plus Virtual Machines?  Distributed, Shared Reference Monitor  Several Challenges Remain  Trust across systems  Compatibility (policy, labeling) across systems  Service awareness  Building all the way to the user Department of Computer Science & Engineering 23

  24. Questions?  Contact  Trent Jaeger, tjaeger@cse.psu.edu  Penn State SIIS Lab, siis.cse.psu.edu  www.cse.psu.edu/~tjaeger  DSRM prototype report  IBM Tech Report  RC23865 -- With McCune, Berger, Caceres, Sailer  Linux kernel  www.kernel.org  SELinux  www.nsa.gov/selinux Department of Computer Science & Engineering 24

Recommend

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem Solutions 1.SELinux == Labeling 2.SELinux Needs to Know 3.SELinux Policy/Apps can have bugs. 4.You could be COMPROMISED!!!! SELinux == Labeling Every

611 views • 11 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

1.71k views • 60 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

694 views • 45 slides
SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What? SELinux is a MAC system for Linux Enabled by default on Fedora, RHEL Available on Ubuntu, Gentoo, Debian, etc Policies are available for

579 views • 16 slides
Dynamics Reading Group Optimal paths: Revisited Paul Ritchie Supervisor: Jan Sieber 19th

Dynamics Reading Group Optimal paths: Revisited Paul Ritchie Supervisor: Jan Sieber 19th

Dynamics Reading Group Optimal paths: Revisited Paul Ritchie Supervisor: Jan Sieber 19th November 2015 Paul Ritchie , Supervisor: Jan Sieber Optimal paths: Revisited 19th November 2015 Overview Stochastic differential equation: x = f (

345 views • 16 slides
Fully dynamic all-pairs shortest paths with worst-case update-time revisited Ittai Abraham 1 Shiri

Fully dynamic all-pairs shortest paths with worst-case update-time revisited Ittai Abraham 1 Shiri

Fully dynamic all-pairs shortest paths with worst-case update-time revisited Ittai Abraham 1 Shiri Chechik 2 Sebastian Krinninger 3 1 Hebrew University of Jerusalem 2 Tel-Aviv University 3 Max Planck Institute for Informatics Saarland Informatics

918 views • 65 slides
An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh bvba < toshaan@vantosh.com

An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh bvba < toshaan@vantosh.com

An Introduction to SELinux Toshaan Bharvani - VanTosh bvba Introduction How to use it SELinux states Managing SELinux FroSCon 2012 Policies 25 August 2012 The End An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh

466 views • 29 slides
"Interesting" Paths = Shortest Paths? "Interesting" Paths Shortest Paths!

"Interesting" Paths = Shortest Paths? "Interesting" Paths Shortest Paths!

WiSP : Weighted Shortest Paths for RDF graphs Gonzalo Tartari, Aidan Hogan DCC, Universidad de Chile "Interesting" Paths = Shortest Paths? "Interesting" Paths Shortest Paths! (Many of the) Existing Approaches Enumerate

783 views • 52 slides
SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux

SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux

SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux Paul Kuliniewicz <kuliniew@purdue.edu> CERIAS, Purdue University Overview Overview What's wrong with macros? Can we do better?

947 views • 60 slides
Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting SELinux to Mac OS X SELinux Symposium 2007 ELinux Symposium 2007 S Chris Vance Information Systems Security Operation, SPARTA, Inc.

700 views • 26 slides
Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales Counting idempotents Conclusions Algebra and logic of discrete paths 1 Luigi Santocanale LIS (team LIRICA), Aix-Marseille Universit e, France S

1.31k views • 108 slides
State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide

State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide

State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide Individual file labeling for cgroup, cgroup2, and tracefs Allows for labels unique to each container, enabling SELinux enforced separation for these

482 views • 16 slides
Current Flight Paths Current Flight Paths Current approach and departure paths are all over

Current Flight Paths Current Flight Paths Current approach and departure paths are all over

Current Flight Paths Current Flight Paths Current approach and departure paths are all over water and avoid noise sensitive areas Flight paths are typically based on guidance from ground based navigational aids which result in linear

455 views • 13 slides
SELinux Example: I may chmod o+a the file containing 506 grades, which violates

SELinux Example: I may chmod o+a the file containing 506 grades, which violates

12/6/12 MAC vs. DAC By default, Unix/Linux provides Discretionary Access Control The user (subject) has discretion to set security policies (or not) SELinux Example: I may chmod o+a the file containing 506 grades,

412 views • 5 slides
SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type

SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type

SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type enforcement November 13, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments

356 views • 24 slides
General Introduction to Protected Areas and IUCNs Role in Protected Areas Sub-Regional

General Introduction to Protected Areas and IUCNs Role in Protected Areas Sub-Regional

General Introduction to Protected Areas and IUCNs Role in Protected Areas Sub-Regional Workshop for West Asia and North Africa on Capacity Building for the Implementation of the CBD Programme of Work on Protected Areas Dubai, 16-20 April 2012

692 views • 31 slides
of I Want to use all paths How Why Using Multiple Paths to Handle Failures y B of HI Yo d

of I Want to use all paths How Why Using Multiple Paths to Handle Failures y B of HI Yo d

Potpourri Announcements Lab 5 is oat No classy next week hotline of I Want to use all paths How Why Using Multiple Paths to Handle Failures y B of HI Yo d Quickly detecting and switching Control II Data Can we do Never drop a packet

544 views • 6 slides
Using SELinux with container runtimes Because privileged containers are scary Lukas Vrabec

Using SELinux with container runtimes Because privileged containers are scary Lukas Vrabec

Using SELinux with container runtimes Because privileged containers are scary Lukas Vrabec Senior Software Engineer Security Technologies 1 Who am I ? Lukas Vrabec SELinux Evangelist Member of Security Technologies team at Red

971 views • 70 slides
Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and

Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and

Hom and Ext, Revisited Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and Ext, Revisited Hom and Ext, Revisited Joint work with Hailong Dao and Mohammad Eghbali JL Hom and Ext, Revisited Hom

872 views • 45 slides
Protected Areas A PRIMER What is a protected area? A clearly defined geographical space,

Protected Areas A PRIMER What is a protected area? A clearly defined geographical space,

Protected Areas A PRIMER What is a protected area? A clearly defined geographical space, recognized, dedicated and managed, through legal or other effective means, to achieve the long-term conservation of nature with associated ecosystem

779 views • 23 slides
SELinux Don Porter CSE 506 MAC vs. DAC By default, Unix/Linux provides Discretionary

SELinux Don Porter CSE 506 MAC vs. DAC By default, Unix/Linux provides Discretionary

SELinux Don Porter CSE 506 MAC vs. DAC By default, Unix/Linux provides Discretionary Access Control The user (subject) has discretion to set security policies (or not) Example: I may chmod o+a the file containing 506

640 views • 27 slides
What's New with SELinux Stephen D. Smalley sds@tycho.nsa.gov National Information Assurance

What's New with SELinux Stephen D. Smalley sds@tycho.nsa.gov National Information Assurance

What's New with SELinux Stephen D. Smalley sds@tycho.nsa.gov National Information Assurance Research Laboratory National Security Agency National Information Assurance Research Laboratory 1 Advances in SELinux Deploying new

440 views • 25 slides
Graphs II - Shortest paths Single Source Shortest Paths All Sources Shortest Paths some drawings

Graphs II - Shortest paths Single Source Shortest Paths All Sources Shortest Paths some drawings

Graphs II - Shortest paths Single Source Shortest Paths All Sources Shortest Paths some drawings and notes from prof. Tom Cormen Single Source SP Context: directed graph G=(V ,E,w), weighted edges The shortest path (SP) between

881 views • 69 slides
Are We Protected? Are We Protected? The Adequacy of Existing Legal Frameworks for Protecting

Are We Protected? Are We Protected? The Adequacy of Existing Legal Frameworks for Protecting

Are We Protected? Are We Protected? The Adequacy of Existing Legal Frameworks for Protecting Privacy in the Biometric Age t e o et c ge Tim Parker Barrister at Law Barrister-at-Law Denis Chang S.C.s Chambers Teaching Consultant U i

519 views • 9 slides

More recommend