Flask: Flux Advanced Security Kernel


   ECE 579S, September, 2010
   Worcester Polytechnic Institute
   By
     –   Samantha Rassner
     –   Sanjay Kumar
     –   Luis Espinal
A Brief History… Early OS and Networking

   1946 – ENIAC, the first digital computer

   1961, 1963 – CTSS, the first multiple user mainframe and remote login

   1964 – Multics, first multithreaded, multiuser operating system

   1965 – ARPANET and the first WAN connection made
          Rassner, Kumar, Espinal. ECE 579S, 2010   2
Unix and the Internet
1972 – Unix is released as a scaled down and portable Multics

1982 – IBM PC is available to consumers

1986 – Mach Kernel is proposed to streamline and “secure” client-server architecture

1987, 1988 – T1 backbone begins, the Internet is opened to commercial traffic
Security? What Security?
  1982 – The first virus, the Elk Cloner

  1988 – Morris Worm, first Internet attack, crashed 6k of 60k computers on ARPANET

  1988, 1989 – Tmach and SDOS attempt to implement DoD secure systems

  1991 – Linux released as open source, many developers use and improve the Linux kernel
And then…

1998 - NSA analyzes mainstream operating
systems for security capability

1999 - NSA and U of Utah develop FLASK
to address security “missing links” and
create a platform for future secure systems

2003 - SELinux implements FLASK and is
incorporated into Linux kernel 2.6

Evolution of Secure Distributed OS
• In the early days, security was a guard at the
  door
• User identification in place of user
  authentication
• Network closed to the public, only people
  using machines were the developers
• Developers often bypassed permission
  (logging in as root) to facilitate programming

Remember the Secure Design Principles…
•   Least privilege
•   Fail-safe defaults
•   Economy of mechanism
•   Complete mediation
•   Open design
•   Separation of privilege
•   Least common mechanism
•   Psychological acceptability
Adding Security After the Fact
• Bell-LaPadula security models often directly
  conflicted with operating system practices
• Network protocols designed for
  communication, not security
• Systems are as strong as their weakest link
  – Internet security (circa 1980s)
• Scope of threats on a public Internet is very different from that in
  university and research centers
Modern Security Approach
• User management – root is for admins only!
• Access Control lists
• Firewalls, antivirus
• IPSec, SSL, TLS
• AES, DES, WPA, etc.
• Still the same basic kernel…
   – Needs to be more flexible to support least privilege
   – Needs Mandatory Access Control in addition to
     Discretionary Access Control
• In 1999 NSA defined next-gen requirements
Flask
• OS Security Architecture
  – Flexible security policies
• Flux advanced security kernel
  – Prototyped on the Fluke OS
• Developed at University of Utah in 1999
• Implemented by NSA in Security Enhanced
  Linux ( SELinux)


Security Policy Requirements
• Fine grained access rights
  – Enforcement of policy in system service
    components
• Controlling the propagation of access rights
  – Consult policy on every access
• Revocation of access rights
  – Prevent access after revocation of policy


Flask Architecture
• Object Manager
  – Enforcer of Security Policy
• Security Server
  – Makes Security policy decisions
• Access Vector Cache
  – Speeds up policy decisions
Flask Architecture (diagram)
Object Manager
• Retrieve Access Interfaces
  – Provide the APIs through which clients access objects
• Labeling Interfaces
  – Assign Security attributes to Objects
• Polyinstantiation Interfaces
  – Provide member resources support




Object Manager - Labels
• Labels are security attributes
  – Also called security context
• Security Context
  – Variable length string
  – Example: “identity:role:domain” in SELinux
• Security Identifier
  – 32 bit value
  – Maps to Security Context

Object Manager - Labeling (diagram)

Diagram: a client (SID C) asks the Object Manager to create an object. On the enforcement side, the Object Manager sends a New SID request (SID, SID, Obj Type) to the Security Server; on the policy side, the Security Server consults its SID/Context Map, Policy Logic and Label Rules and returns the New SID, which the Object Manager records with the object (Obj SID).
Polyinstantiation
• Resource sharing among clients
• Multiple instantiations of a resource (members)
• Distinct SIDs for each instantiation
• SELinux uses /tmp/resourceid as a polyinstantiated resource
Polyinstantiation (diagram)

Diagram: a client (SID C) asks the Object Manager to create an object under a polyinstantiated object (Poly Obj). The Object Manager (enforcement) sends a Member SID request (Mbr SID Req, carrying SID, SID, Obj Type) to the Security Server (policy), whose SID/Context Map, Policy Logic and Label Rules return the Member SID (Mbr SID); each member object gets its own Obj SID.
Security Server
•   Makes Policy decisions for access
•   Maps Security Context to SID
•   Polyinstantiation Support
•   Support Load/Unload of Policies
•   Support Policy Revocation




Access Vector Cache
• Speeds up access to policy decisions
• Cache of security policy decisions provided by the Security Server
• Intercepts policy revocation requests
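As an added illustration (not code from these slides, nor from Flask or SELinux), a small Python model of the three components just described: the Security Server owns the SID/context map and the policy, the Object Manager labels new objects and enforces, and the AVC sits between them and must drop its cache when the policy is reloaded (revocation). The rules, contexts and the type_transition-style labeling rule are constructed for the example.

```python
"""Toy model of the Flask pieces on these slides: an Object Manager that enforces,
a Security Server that decides, and an Access Vector Cache (AVC) that speeds up
decisions yet honours policy revocation. Constructed illustration, not Flask/SELinux code."""
from itertools import count

# Constructed policy: (source type, target type, object class) -> permissions.
# The user_t/bin_t rule mirrors the allow rule quoted later in the deck.
RULES = {("user_t", "bin_t", "file"): {"read", "execute", "getattr"},
         ("user_t", "tmp_t", "dir"): {"read", "write", "add_name"}}
# Constructed labeling rule (what SELinux calls a type_transition): a file that
# user_t creates inside a tmp_t directory is labeled user_tmp_t instead of tmp_t.
TRANSITIONS = {("user_t", "tmp_t", "file"): "user_tmp_t"}


class SecurityServer:
    """Policy side: SID <-> security context map plus the decision logic."""
    def __init__(self, rules, transitions):
        self.rules, self.transitions = dict(rules), dict(transitions)
        self._sid_of, self._ctx_of = {}, {}
        self._next = count(1)     # SID 0 stays reserved as "invalid"
        self.policy_seq = 0       # bumped on every load; the AVC watches it

    def sid(self, context: str) -> int:
        """Map a variable-length context string to a fixed-size SID (once)."""
        if context not in self._sid_of:
            s = next(self._next)
            self._sid_of[context], self._ctx_of[s] = s, context
        return self._sid_of[context]

    def type_of(self, sid: int) -> str:
        return self._ctx_of[sid].split(":")[2]     # identity:role:type

    def compute_av(self, ssid, tsid, tclass) -> frozenset:
        """Access vector: all permissions ssid holds on tsid for this class."""
        key = (self.type_of(ssid), self.type_of(tsid), tclass)
        return frozenset(self.rules.get(key, ()))

    def compute_sid(self, ssid, tsid, tclass) -> int:
        """Label a new object: matching transition rule, else the parent's type."""
        stype, ttype = self.type_of(ssid), self.type_of(tsid)
        new_type = self.transitions.get((stype, ttype, tclass), ttype)
        return self.sid("system_u:object_r:" + new_type)

    def load_policy(self, rules, transitions):
        """Replace the policy; every decision handed out earlier is now revoked."""
        self.rules, self.transitions = dict(rules), dict(transitions)
        self.policy_seq += 1


class AVC:
    """Cache of access vectors, flushed wholesale when the policy changes."""
    def __init__(self, server):
        self.server, self.cache = server, {}
        self.seq, self.hits, self.misses = server.policy_seq, 0, 0

    def has_perm(self, ssid, tsid, tclass, perm) -> bool:
        if self.seq != self.server.policy_seq:    # revocation: drop stale entries
            self.cache.clear()
            self.seq = self.server.policy_seq
        key = (ssid, tsid, tclass)
        if key in self.cache:
            self.hits += 1
        else:
            self.misses += 1
            self.cache[key] = self.server.compute_av(*key)
        return perm in self.cache[key]


class ObjectManager:
    """Enforcement side: owns objects, labels them at creation and consults the
    AVC on every access (complete mediation)."""
    def __init__(self, server):
        self.server, self.avc, self.objects = server, AVC(server), {}

    def create(self, name, client_sid, parent, tclass) -> int:
        parent_sid = self.objects[parent]
        if not self.avc.has_perm(client_sid, parent_sid, "dir", "add_name"):
            raise PermissionError(f"{name}: cannot create under {parent}")
        self.objects[name] = self.server.compute_sid(client_sid, parent_sid, tclass)
        return self.objects[name]

    def access(self, client_sid, name, tclass, perm) -> bool:
        return self.avc.has_perm(client_sid, self.objects[name], tclass, perm)


def demo() -> dict:
    """Label two objects, check, hit the cache, create, then revoke."""
    srv = SecurityServer(RULES, TRANSITIONS)
    om = ObjectManager(srv)
    om.objects["/usr/bin/ls"] = srv.sid("system_u:object_r:bin_t")
    om.objects["/tmp"] = srv.sid("system_u:object_r:tmp_t")
    client = srv.sid("user_u:user_r:user_t")
    r = {"read_ls": om.access(client, "/usr/bin/ls", "file", "read")}     # True, AVC miss
    r["write_ls"] = om.access(client, "/usr/bin/ls", "file", "write")     # False, AVC hit
    r["hits"] = om.avc.hits                                                # 1
    r["new_type"] = srv.type_of(om.create("/tmp/x", client, "/tmp", "file"))  # "user_tmp_t"
    srv.load_policy({}, {})                                                # revoke everything
    r["read_ls_after"] = om.access(client, "/usr/bin/ls", "file", "read")  # False
    return r
```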
SELinux
• An implementation of FLASK
   – Separates protection (enforcement) from security
     (policy)
• SELinux MLS Policy Implements BLP
   – Implements a reliable, trusted MAC/MLS
      • Via trusted channels and type enforcement
• Polyinstantiated/multi-level directories
   – Useful against inference attacks
   – Example: access to /tmp is polyinstantiated according to the domain’s security context
                       from Paul Moore’s “Trusted Computing with SELinux”, RedHat 2008 Summit
SELinux At A Glance
• Integrated in the mainline 2.6 series Linux
  kernels
• Based on LSM Plugin Architecture
  – LSM, a partial implementation of FLASK
• Integrated with existing DAC typical of Unix
  systems
• Backwards Compatible
  – Applications do not need to be compiled or written
    specifically for SELinux
                     from Paul Moore’s “Trusted Computing with SELinux”, RedHat 2008 Summit
SELinux’s FLASK Architecture (diagram)
           from Paul Moore’s “Trusted Computing with SELinux”, RedHat 2008 Summit
LSM Architecture (diagram)
           From Wright et al “Linux Security Module Framework”, 2002
SELinux LSM Architecture (diagram)
                  From Anatomy of Security-Enhanced Linux (SELinux) Architecture and implementation,
                  M. Tim Jones, Consultant Engineer, Emulex Corp. 2008
SELinux Kernel Architecture (diagram)
From SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007
SELinux Policies
• Policy Flexibility Via Extended Attributes
  – Can be used to implement
     • Domain types
     • RBAC
     • Need-to-know categories
  – Applicable to
     • Process
     • File/Resource
     • User
                      from Paul Moore’s “Trusted Computing with SELinux”, RedHat 2008 Summit
SELinux – Trusted MAC/MLS
• MLS supported in security contexts
  – user:role:type:sensitivity[:category,...][-sensitivity[:category,...]]
• Trusted Paths
  – Client-Server Identification at IPC Level (as in
    FLASK)
• Type Enforcement
  – No access by default, no super user
                   from Paul Moore’s “Trusted Computing with SELinux”, RedHat 2008 Summit


SELinux – Type Enforcement
• Gives precedence to MAC over DAC
   – There is no access by default (no super user).
• Based on security context labeling
• Used for implementing least-privilege
   – Controls domain transition
      • explicit who-can-access-what-and-how
• Allows variable granularity of policies controlling
   – Labeled file access
   – Labeled networking
   – Labeled printing


Type Enforcement Concepts
• Rights are based on labels in a security context, not on
  process (owner/group) id.
• A security context contains labels
• A label applied to a process is a domain
• A label applied to a resource is a type

• Optionally, a role is an association of a domain to a type
  for a given permission.

• Labels and roles defined under /etc/selinux/
from SELinux How To
http://www.linuxtopia.org/online_books/getting_started_with_SELinux/

Type Enforcement Example
• Example:
   – allow user_t bin_t : file {read execute getattr};


• user_t is a domain, a label applied to unprivileged processes

• bin_t is a type, a label for executables under /usr/bin

• This rule indicates unprivileged users can exec, read and
  get attributes from executable files under /usr/bin

• Used for implementing least-privilege
                                      From SELinux by Example, Caplan, MacMillan, Mayer.
                                                                      Prentice Hall, 2007


Type Enforcement Example (cont’d)
        allow user_t bin_t : file {read execute getattr};

(diagram)
                          From SELinux by Example, Caplan, MacMillan, Mayer.
                                                          Prentice Hall, 2007
/etc/passwd – standard Linux (diagram)
                    From SELinux by Example, Caplan, MacMillan, Mayer.
                                                    Prentice Hall, 2007
/etc/passwd - SELinux (diagram)
                From SELinux by Example, Caplan, MacMillan, Mayer.
                                                Prentice Hall, 2007
Notes
• LSM is a partial implementation of FLASK
  – Does not provide for access revocation of executing
    transactions
  – Requires support for extended attributes (not present in NFS)
• Other Implementations (Path-based)
  – TOMOYO Linux
     • Linux Kernel mainline version 2.6.30
  – SMACK (Simplified Mandatory Access Control
    Kernel)
  – AppArmor
     • Available with Ubuntu by default


References
•   SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007
•   SELinux How To - http://www.linuxtopia.org/online_books/getting_started_with_SELinux/
•   Paul Moore’s “Trusted Computing with SELinux”, RedHat 2008 Summit
      – http://www.redhat.com/promo/summit/2008/downloads/pdf/Wednesday_245pm_Paul_Moore_Whats_New_Infrastructure.pdf
•   Anatomy of Security-Enhanced Linux (SELinux) Architecture and implementation, M. Tim Jones, Consultant Engineer, Emulex Corp. 2008
      – http://www.ibm.com/developerworks/linux/library/l-selinux/
•   The Flask Security Architecture: System Support for Diverse Security Policies. Spencer et al. Usenix 1999.
•   The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. Loscocco et al. 1998.
•   Security is No Secret. Joab Jackson. Government Computer News. 2008.
•   http://www.multicians.org/
•   http://www.computerhistory.org/timeline/
•   Issues in secure distributed operating system design. Wong, Raymond M. Digest of Papers - IEEE Computer Society International Conference, Feb 1989. p.338-341
•   Red Hat Enterprise Linux 4: Red Hat SELinux Guide, http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/selg-chapter-0013.html
•   A comparison of secure UNIX operating systems. Wong, R.M. Computer Security Applications Conference, 1990. Proceedings of the Sixth Annual (0-8186-2105-2), 1990. p.333-333
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

Flask: Flux Advanced Security Kernel

1. Flask: Flux Advanced Security Kernel
ECE 579S, September 2010, Worcester Polytechnic Institute
By Samantha Rassner, Sanjay Kumar, Luis Espinal

2. A Brief History… Early OS and Networking
1946 – ENIAC, the first digital computer
1961, 1963 – CTSS, the first multiple-user mainframe and remote login
1964 – Multics, first multithreaded, multiuser operating system
1965 – ARPANET and the first WAN connection made
Rassner, Kumar, Espinal. ECE 579S, 2010 2

3. Unix and the Internet
1972 – Unix is released as a scaled-down and portable Multics
1982 – IBM PC is available to consumers
1986 – Mach kernel is proposed to streamline and “secure” client-server architecture
1987, 1988 – T1 backbone begins, the Internet is opened to commercial traffic

4. Security? What Security?
1982 – The first virus, the Elk Cloner
1988 – Morris Worm, first Internet attack, crashed 6k of 60k computers on ARPANET
1988, 1989 – TMach and SDOS attempt to implement DoD secure systems
1991 – Linux released as open source; many developers use and improve the Linux kernel

5. And then…
1998 – NSA analyzes mainstream operating systems for security capability
1999 – NSA and U of Utah develop FLASK to address security “missing links” and create a platform for future secure systems
2003 – SELinux implements FLASK and is incorporated into Linux kernel 2.6

6. Evolution of Secure Distributed OS
• In the early days, security was a guard at the door
• User identification in place of user authentication
• Network closed to the public; the only people using the machines were the developers
• Developers often bypassed permissions (logging in as root) to facilitate programming

7. Remember the Secure Design Principles…
• Least privilege
• Fail-safe defaults
• Economy of mechanism
• Complete mediation
• Open design
• Separation of privilege
• Least common mechanism
• Psychological acceptability

8. Adding Security After the Fact
• Bell-LaPadula security models often directly conflicted with operating system practices
• Network protocols were designed for communication, not security
• Systems are as strong as their weakest link – Internet security (circa 1980s)
• The scope of threats on a public Internet is very different from that in universities and research centers

9. Modern Security Approach
• User management – root is for admins only!
• Access Control Lists
• Firewalls, antivirus
• IPSec, SSL, TLS
• AES, DES, WPA, etc.
• Still the same basic kernel…
  – Needs to be more flexible to support least privilege
  – Needs Mandatory Access Control in addition to Discretionary Access Control
• In 1999 NSA defined next-gen requirements

10. Flask
• OS security architecture
  – Flexible security policies
• Flux Advanced Security Kernel
  – Prototyped on the Fluke OS
• Developed at University of Utah in 1999
• Implemented by NSA in Security Enhanced Linux (SELinux)

11. Security Policy Requirements
• Fine-grained access rights
  – Enforcement of policy in system service components
• Controlling the propagation of access rights
  – Consult policy on every access
• Revocation of access rights
  – Prevent access after revocation of policy

12. Flask Architecture
• Object Manager – enforcer of the security policy
• Security Server – makes security policy decisions
• Access Vector Cache – speeds up policy decisions

13. Flask Architecture
[Diagram only]

14. Object Manager
• Retrieve access interfaces – provide APIs for access to objects
• Labeling interfaces – assign security attributes to objects
• Polyinstantiation interfaces – provide member resource support

15. Object Manager – Labels
• Labels are security attributes
  – Also called security context
• Security Context
  – Variable-length string
  – Example: “identity:role:domain” in SELinux
• Security Identifier (SID)
  – 32-bit value
  – Maps to a security context

16. Object Manager – Labeling
[Diagram: a client (SID C) creates an object; the Object Manager (enforcement) sends a new-SID request to the Security Server (policy), whose policy logic applies the label rules to (client SID, object SID, object type) and returns the new SID from the SID/context map]

17. Polyinstantiation
• Resource sharing among clients
• Multiple instantiations of a resource (members)
• Distinct SIDs for each instantiation
• SELinux uses /tmp/resourceid as a polyinstantiated resource

18. Polyinstantiation
[Diagram: a client (SID C) creates an object under a polyinstantiated object; the Object Manager sends a member-SID request to the Security Server, whose policy logic applies the label rules to (SID, SID, object type) and returns the member SID, each member object carrying its own SID]

19. Security Server
• Makes policy decisions for access
• Maps security context to SID
• Polyinstantiation support
• Supports load/unload of policies
• Supports policy revocation

20. Access Vector Cache
• Speeds up access to policy decisions
• Cache of security policy decisions provided by the Security Server
• Intercepts policy revocation requests

21. SELinux
• An implementation of FLASK
  – Separates protection (enforcement) from security (policy)
• SELinux MLS policy implements BLP
  – Implements a reliable, trusted MAC/MLS
    • Via trusted channels and type enforcement
• Polyinstantiated/multi-level directories
  – Useful against inference attacks
  – Example: access to /tmp is polyinstantiated according to the domain’s security context
from Paul Moore’s “Trusted Computing with SELinux”, Red Hat 2008 Summit

22. SELinux At A Glance
• Integrated in the mainline 2.6 series Linux kernels
• Based on the LSM plugin architecture
  – LSM, a partial implementation of FLASK
• Integrated with the existing DAC typical of Unix systems
• Backwards compatible
  – Applications do not need to be compiled or written specifically for SELinux
from Paul Moore’s “Trusted Computing with SELinux”, Red Hat 2008 Summit

23. SELinux’s FLASK Architecture
[Diagram only] from Paul Moore’s “Trusted Computing with SELinux”, Red Hat 2008 Summit

24. LSM Architecture
[Diagram only] From Wright et al., “Linux Security Module Framework”, 2002

25. SELinux LSM Architecture
[Diagram only] From “Anatomy of Security-Enhanced Linux (SELinux): Architecture and implementation”, M. Tim Jones, Consultant Engineer, Emulex Corp., 2008

26. SELinux Kernel Architecture
[Diagram only] From SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007

27. SELinux Policies
• Policy flexibility via extended attributes
  – Can be used to implement
    • Domain types
    • RBAC
    • Need-to-know categories
  – Applicable to
    • Process
    • File/resource
    • User
from Paul Moore’s “Trusted Computing with SELinux”, Red Hat 2008 Summit

28. SELinux – Trusted MAC/MLS
• MLS supported in security contexts
  – user:role:type:sensitivity[:category,...][-sensitivity[:category,...]]
• Trusted paths
  – Client-server identification at the IPC level (as in FLASK)
• Type enforcement
  – No access by default, no super user
from Paul Moore’s “Trusted Computing with SELinux”, Red Hat 2008 Summit
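A parser for the security context format on slide 28, with the Bell-LaPadula dominance check that the MLS policy of slide 21 rests on. This is an added example, not code from the slides or from SELinux itself; the contexts used with it are constructed, the `c0.c3` range shorthand is SELinux's own notation (not shown on the slide), and `may_read`/`may_write` are a textbook simplification of SELinux's MLS constraints.

```python
import re
from dataclasses import dataclass

_LEVEL_RE = re.compile(r"^s(\d+)$")
_CAT_RE = re.compile(r"^c(\d+)(?:\.c(\d+))?$")  # single category or SELinux "c0.c3" range


@dataclass(frozen=True)
class Level:
    sensitivity: int
    categories: frozenset

    def dominates(self, other: "Level") -> bool:
        # BLP dominance: sensitivity at least as high and a superset of categories
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str
    low: Level   # current level
    high: Level  # clearance; equals low when no "-high" part is given


def parse_level(text: str) -> Level:
    # "s<n>" optionally followed by ":c1,c2" or a range "c0.c3"
    sens, _, cat_text = text.partition(":")
    m = _LEVEL_RE.match(sens)
    if not m:
        raise ValueError(f"bad sensitivity: {sens!r}")
    cats = set()
    for item in (cat_text.split(",") if cat_text else ()):
        cm = _CAT_RE.match(item)
        if not cm:
            raise ValueError(f"bad category: {item!r}")
        lo = int(cm.group(1))
        cats.update(range(lo, (int(cm.group(2)) if cm.group(2) else lo) + 1))
    return Level(int(m.group(1)), frozenset(cats))


def parse_context(text: str) -> Context:
    # user, role and type never contain ':'; everything after them is the MLS range
    fields = text.split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"expected user:role:type:level, got {text!r}")
    user, role, type_, mls = fields
    low_text, _, high_text = mls.partition("-")
    low = parse_level(low_text)
    high = parse_level(high_text) if high_text else low
    if not high.dominates(low):
        raise ValueError("high level of a range must dominate the low level")
    return Context(user, role, type_, low, high)


def may_read(subject: Context, obj: Context) -> bool:
    # BLP simple property (no read up), evaluated at the subject's current level
    return subject.low.dominates(obj.low)


def may_write(subject: Context, obj: Context) -> bool:
    # BLP *-property (no write down)
    return obj.low.dominates(subject.low)
```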
29. SELinux – Type Enforcement
• Gives precedence to MAC over DAC
  – There is no access by default (no super user).
• Based on security context labeling
• Used for implementing least privilege
  – Controls domain transition
    • Explicit who-can-access-what-and-how
• Allows variable granularity of policies controlling
  – Labeled file access
  – Labeled networking
  – Labeled printing

30. Type Enforcement Concepts
• Rights are based on labels in a security context, not on process (owner/group) id
• A security context contains labels
• A label applied to a process is a domain
• A label applied to a resource is a type
• Optionally, a role is an association of a domain to a type for a given permission
• Labels and roles are defined under /etc/selinux/
from SELinux How To, http://www.linuxtopia.org/online_books/getting_started_with_SELinux/

31. Type Enforcement Example
• Example:
  – allow user_t bin_t : file {read execute getattr};
• user_t is a domain, a label applied to unprivileged processes
• bin_t is a type, a label for executables under /usr/bin
• This rule indicates unprivileged users can exec, read and get attributes from executable files under /usr/bin
• Used for implementing least privilege
From SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007

32. Type Enforcement Example (cont’d)
allow user_t bin_t : file {read execute getattr};
[Diagram only]
From SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007
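A runnable model of the three Flask components from slides 12 to 20 (Object Manager, Security Server, Access Vector Cache), driven by type enforcement rules in the `allow` form shown on slide 31, including the revocation path where a policy reload flushes the cache so no stale grant survives. This is an added example, not the deck's or SELinux's code; the policy text, contexts and object names used with it are constructed, and SID allocation is simplified.

```python
import re

# TE rule grammar from slide 31: allow <source> <target> : <class> { perms };
_ALLOW_RE = re.compile(r"^allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{([^}]*)\}\s*;$")

class SecurityServer:
    # Makes policy decisions and owns the security context <-> SID map.
    def __init__(self, policy_text: str):
        self._contexts, self._sids, self._rules = {}, {}, {}
        self.load_policy(policy_text)
    def load_policy(self, policy_text: str) -> None:
        # A (re)load replaces the rule set wholesale; rules that vanish revoke access.
        rules = {}
        for line in policy_text.strip().splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = _ALLOW_RE.match(line)
            if not m:
                raise ValueError(f"unsupported rule: {line!r}")
            src, tgt, cls, perms = m.groups()
            rules.setdefault((src, tgt, cls), set()).update(perms.split())
        self._rules = rules
    def sid_for(self, context: str) -> int:
        # Sequential allocation stands in for the kernel's 32-bit SID table.
        if context not in self._sids:
            self._sids[context] = len(self._sids) + 1
            self._contexts[self._sids[context]] = context
        return self._sids[context]
    def compute_av(self, ssid: int, tsid: int, cls: str) -> frozenset:
        # Type enforcement keys on the type field (third field of user:role:type).
        src_type, tgt_type = (self._contexts[s].split(":")[2] for s in (ssid, tsid))
        return frozenset(self._rules.get((src_type, tgt_type, cls), set()))

class AccessVectorCache:
    # Caches access vectors; policy changes go through it so stale grants are dropped.
    def __init__(self, server: SecurityServer):
        self._server, self._cache, self.misses = server, {}, 0
    def has_perm(self, ssid: int, tsid: int, cls: str, perm: str) -> bool:
        key = (ssid, tsid, cls)
        if key not in self._cache:
            self.misses += 1
            self._cache[key] = self._server.compute_av(ssid, tsid, cls)
        return perm in self._cache[key]
    def reload_policy(self, policy_text: str) -> None:
        # Revocation: install the new policy, then flush every cached decision.
        self._server.load_policy(policy_text)
        self._cache.clear()

class ObjectManager:
    # Enforces decisions: labels its objects, asks the AVC, denies unless allowed.
    def __init__(self, server: SecurityServer, avc: AccessVectorCache):
        self._server, self._avc, self._labels = server, avc, {}
    def label(self, name: str, context: str) -> int:
        self._labels[name] = self._server.sid_for(context)
        return self._labels[name]
    def access(self, subject_ctx: str, name: str, cls: str, perm: str) -> bool:
        ssid = self._server.sid_for(subject_ctx)
        return self._avc.has_perm(ssid, self._labels[name], cls, perm)
```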
33. /etc/passwd – standard Linux
[Diagram only]
From SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007

34. /etc/passwd – SELinux
[Diagram only]
From SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007

35. Notes
• LSM is a partial implementation of FLASK
  – Does not provide for access revocation of executing transactions
  – Requires support for extended attributes (not present in NFS)
• Other implementations (path-based)
  – TOMOYO Linux
    • Linux kernel mainline version 2.6.30
  – SMACK (Simplified Mandatory Access Control Kernel)
  – AppArmor
    • Available with Ubuntu by default

36. References
• SELinux by Example, Caplan, MacMillan, Mayer. Prentice Hall, 2007
• SELinux How To – http://www.linuxtopia.org/online_books/getting_started_with_SELinux/
• Paul Moore’s “Trusted Computing with SELinux”, Red Hat 2008 Summit – http://www.redhat.com/promo/summit/2008/downloads/pdf/Wednesday_245pm_Paul_Moore_Whats_New_Infrastructure.pdf
• Anatomy of Security-Enhanced Linux (SELinux): Architecture and implementation, M. Tim Jones, Consultant Engineer, Emulex Corp., 2008 – http://www.ibm.com/developerworks/linux/library/l-selinux/
• The Flask Security Architecture: System Support for Diverse Security Policies. Spencer et al. USENIX 1999.
• The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. Loscocco et al. 1998.
• Security is No Secret. Joab Jackson. Government Computer News. 2008.
• http://www.multicians.org/
• http://www.computerhistory.org/timeline/
• Issues in secure distributed operating system design. Wong, Raymond M. Digest of Papers – IEEE Computer Society International Conference, Feb 1989, p. 338–341.
• Red Hat Enterprise Linux 4: Red Hat SELinux Guide – http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/selg-chapter-0013.html
• A comparison of secure UNIX operating systems. Wong, R.M. Computer Security Applications Conference, 1990, Proceedings of the Sixth Annual (0-8186-2105-2), 1990, p. 333.