Mandatory Access Control for Carrier-Grade Linux Clusters (as part of the DSI project) - PowerPoint PPT Presentation


  1. Mandatory Access Control for Carrier-Grade Linux Clusters (as part of the DSI project)
     Miroslaw.Zakrzewski@Ericsson.ca, Ericsson Research Canada, Open System Lab, Montréal – Canada, http://www.risq.ericsson.ca
     Rev PA1 2002-05-22 1 Ericsson Canada

  2. The purpose of the presentation is to explain the ongoing implementation of a Distributed Security Module (DSM) that provides Mandatory Access Control within a Linux cluster.

  3. Outline
     • Introduction
     • DSI Characteristics
     • Access Control – General Architecture
     • Distributed Security Module
     • Security Distribution in DSM
     • Demo Architecture (Local and Remote Access)
     • Challenges

  4. Introduction (1/5)
     Diagram: Subject → Access Request → Access Control Decision = function(Subject, Resource) → Resource

  5. Introduction (2/5)
     • Discretionary Access Control
       – Ordinary users are involved in the security policy definition
       – Access decisions are based on user identity and ownership
       – Two categories of users:
         – completely trusted administrators (root)
         – completely untrusted ordinary users

  6. Introduction (3/5)
     • Mandatory Access Control
       – Policy definition and assignment of security attributes are controlled by a system security administrator
       – Access decisions are based on labels that contain a variety of security-relevant information (every subject and object in the system is labelled)

  7. Introduction (4/5)
     • Cluster: a collection of interconnected stand-alone computers working together to solve a problem as a single computing entity

  8. Introduction (5/5)
     • Access Control and Clusters
       Diagram: subjects (S) and resources (R) placed on nodes inside the cluster and outside it

  9. Cluster Access Types
     • Cluster Local Access
       – subject and resource on the same node inside the cluster
     • Cluster Remote Access
       – subject and resource on different nodes inside the cluster
     • Cluster Outside Access
       – subject inside the cluster, resource outside the cluster
       – subject outside the cluster, resource inside the cluster
     • No Cluster Access
       – both subject and resource outside the cluster

  10. DSI Characteristics (please see the paper on DSI)
     • Process Level Approach
       – Controlling a single process
     • Pre-emptive Security
       – Run-time changes of security attributes
       – Security can be modified without stopping the system
     • Minimal Impact
       – Performance
       – Transparency
     • Distributed
       – Clusters

  11. Access Control – General Architecture (1/2)
     Diagram: a Security Server (SnIDx) and cluster nodes SnID1 and SnID2; each subject (process) and each resource (file, communication endpoint) carries a SID, and communication between nodes carries the pair SnID, SID.

  12. Access Control – General Architecture (2/2)
     Diagram: in user mode, the Security Manager (SM), the access process and the Distributed Security Policy (DSP), with the SM exercising security policy control; in kernel mode, the System Calls Interface passes requests to DSIlsmACS.o (LSM), which holds the DSP Internal Representation (DIR).
     Legend:
       SM  – Security Manager
       DSP – Distributed Security Policy
       LSM – Linux Security Module
       DIR – DSP Internal Representation

  13. Distributed Security Module
     • DSM is implemented in kernel space
       – Performance
       – Transparency
     • DSM uses the LSM framework (please see the paper on LSM)
       – Pre-emptive security
       – Process level approach
     • DSM uses IP options
       – Distribution

  14. Linux Security Module Framework (LSM) (used by the Distributed Security Module)
     • Patch to the Linux kernel by WireX (based on the NSA prototype)
     • Security hooks: points in the kernel that allow control of nearly every system operation
       – 140 hooks
       – 29 classes
     • Flexible:
       – Easy to add user-defined security implementations
       – Implemented as function pointers, in programming terms

  15. LSM Installation for Kernel 2.4.17
     http://lsm.immunix.org
     Get the lsm-full-2002_01_15 patch for kernel 2.4.17, then:
       gunzip lsm-full-2002_01_15-2.4.17.patch.gz
       cd /usr/src/linux
       patch -p1 < /home/lmcmzak/lsm-full-2002_01_15-2.4.17.patch
     Rebuild the kernel

  16. LSM Framework
     • New code: linux/security and include/linux/security.h
     • New globals:
       struct security_operations *security_ops;      /* pointer to all security operations in the kernel */
       struct security_operations dummy_security_ops; /* set of dummy functions */

  17. LSM Framework
     • Functions to register and unregister security operations with the kernel:
       int register_security (struct security_operations *ops);
       int unregister_security (struct security_operations *ops);

  18. Linux Access Control
     Diagram: a subject (process) in user mode issues a system call; in kernel mode the System Calls Interface accesses the object (file).

  19. Linux Access Control and LSM Framework
     Diagram: a subject (process) in user mode issues a system call; in kernel mode the System Calls Interface makes a function call into the dummy module, then accesses the object (file).

  20. Linux Access Control and DSM
     Diagram: a subject (process) labelled SSec in user mode issues a system call; in kernel mode the System Calls Interface makes a function call into the Distributed Security Module, which computes the access decision A = f(SSec, TSec, Class) from the subject label SSec, the target label TSec of the object (file) and the access class.

  21. Labels in DSM
     – Objects attached to Linux structures
     – Example: task label (object attached to the task structure struct task_struct in <linux/sched.h>)
       struct task_struct {
           ...
           void *security;
           ...
       };

  22. Task Security Label Format in DSM
       typedef struct {
           int sid;
           ...
           ...
           void *task;
       } task_security_t;

  23. Task Label in relation to task structure in DSM
     Diagram: struct task_struct sits in the task's 8 KB kernel stack block; its security pointer refers to the task_security_t label, whose task member points back to the task structure.

  24. Task Label Attachment in DSM
     • All running tasks are labelled when the security module is loaded (sid is set to the default value)
     • After the security module is loaded, tasks are labelled using security hooks (two-step process):
       – Fork: sid of the parent
       – Exec: sid can be modified based on the sid stored in the image (the SID is embedded in the ELF format)
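The labelling steps of slide 24 and the decision A = f(SSec, TSec, Class) of slide 20, as an added userspace model that is not DSM's kernel code; the access classes, the policy table, the default sid and the use of sid 0 for an unlabelled image are assumptions made for the example.

```c
/* Added illustrative userspace model of DSM task labelling and the access
 * decision A = f(SSec, TSec, Class). Not DSM kernel code: the class set,
 * policy table and default sid are assumptions made for the example. */
#define DEFAULT_SID    1   /* assumed label given to every task at module load */
#define SID_UNLABELLED 0   /* assumed: image carries no embedded sid */
#define MAX_SID        4

typedef struct { int sid; } task_security_t;   /* subset of DSM's task label */

enum { CLASS_FILE = 0, CLASS_SOCKET = 1, NUM_CLASSES = 2 };  /* assumed classes */

/* Policy: allow[class][subject sid][target sid], 1 = permitted, else denied.
 * Constructed sample: sid 2 may use sid 2/3 files and sid 2 sockets;
 * the default sid 1 may only touch sid 1 files. */
static const unsigned char allow[NUM_CLASSES][MAX_SID][MAX_SID] = {
    [CLASS_FILE]   = { [1] = { [1] = 1 }, [2] = { [2] = 1, [3] = 1 } },
    [CLASS_SOCKET] = { [2] = { [2] = 1 } },
};

/* A = f(SSec, TSec, Class): out-of-range labels or classes are denied. */
int dsm_access(int ssec, int tsec, int cls)
{
    if (cls < 0 || cls >= NUM_CLASSES) return 0;
    if (ssec < 0 || ssec >= MAX_SID || tsec < 0 || tsec >= MAX_SID) return 0;
    return allow[cls][ssec][tsec];
}

/* Labelling step 1, fork hook: the child inherits the parent's sid. */
void dsm_fork_label(const task_security_t *parent, task_security_t *child)
{
    child->sid = parent->sid;
}

/* Labelling step 2, exec hook: the sid embedded in the ELF image, if any,
 * replaces the inherited one; an unlabelled image keeps the parent's sid. */
void dsm_exec_label(task_security_t *task, int image_sid)
{
    if (image_sid != SID_UNLABELLED)
        task->sid = image_sid;
}

/* Label of a process spawned by fork+exec from a labelled parent. */
int dsm_sid_after_spawn(int parent_sid, int image_sid)
{
    task_security_t parent = { parent_sid }, child;
    dsm_fork_label(&parent, &child);
    dsm_exec_label(&child, image_sid);
    return child.sid;
}
```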

  25. Security System Calls in DSM
     • Set Node ID
     • Change Task SID
     • Set Policy
     • Check Alarms

  26. Security Distribution
     • Security information transfer
       – IP level (first)
       – IP header modification
       – Kernel hooks for IP traffic handling
       – Security information (SID, SnID) transferred as an option in the IP header
       – Implementation based on the Selopt implementation for SELinux by James Morris
     • IP options
       – Commercial Internet Protocol Security Option (CIPSO)
       – Federal Information Processing Standard (FIPS) 188

  27. Security Distribution
     • Network labels
       – Labels used when performing remote access (subject and resource on different nodes)
       – Security Node ID (SnID) and Security ID (SID) of the subject are added to the IP message
       – On the receiving side these two values are extracted and used to build the network security ID (NSID): NSID = Function(SnID, SID)
       – NSID is used as a local label for access control decisions

  28. Security Distribution
     • Network buffer label
       – Socket buffer (<linux/skbuff.h>): the object that contains network packets in the kernel
         struct sk_buff {
             ...
             void *lsm_security;
             ...
         };

  29. Network Labels
     • sk_buff Security Label Format
         typedef struct {
             int sid;
             ...
             struct sk_buff *sk_buff;
         } sk_buff_security_t;

  30. Network Labels
     • sk_buff Security Label Attachment (sending side)
       – The Security ID of the sk_buff is taken from the Security ID of the sending socket
       – The Security Node ID is set up by the security server and is global in the LSM module

  31. Network Labels
     • Security Information in the Network Message
       – The message is modified at the IP layer (adding options)
       – The Security Node ID is taken from the LSM module and attached to the message
       – The Security ID is taken from the sk_buff security label and attached to the message

  32. Network Labels
     • sk_buff Security Label Attachment (receiving side)
       – Extract the Security Node ID (SnID) and Security ID (SID) from the incoming message
       – Convert the SnID and SID pair to the Network Security ID (NID) based on the conversion table: NID = Fun(SnID, SID)
       – NID is treated as a local label (local access control)
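The sending and receiving paths of slides 30 to 32 (SnID from the module global, SID from the socket label, both carried as an IP option, then NID = Fun(SnID, SID) on the receiver), as an added userspace model that is not DSM's kernel code; the option layout, the option type byte and the conversion table entries are assumptions made for the example.

```c
/* Added illustrative userspace model of DSM's network label path; not DSM kernel
 * code. The option layout (type, length, 4-byte SnID, 4-byte SID, big-endian),
 * the option type value and the conversion table are assumptions. */
#include <stdint.h>
#include <stddef.h>
#define OPT_TYPE_SEC 0x86   /* assumed option type byte */
#define OPT_LEN      10     /* type, length, SnID (4), SID (4) */
#define NID_UNKNOWN  0      /* pair not in the table: no local label granted */

static uint32_t g_snid;     /* node id: set once by the security server, global in the module */
void dsm_set_node_id(uint32_t snid) { g_snid = snid; }

/* Sending side: SID comes from the sending socket's label, SnID from the global. */
size_t dsm_build_option(uint8_t *out, size_t cap, uint32_t sock_sid)
{
    if (cap < OPT_LEN) return 0;
    out[0] = OPT_TYPE_SEC; out[1] = OPT_LEN;
    for (int i = 0; i < 4; i++) {
        out[2 + i] = (uint8_t)(g_snid   >> (24 - 8 * i));
        out[6 + i] = (uint8_t)(sock_sid >> (24 - 8 * i));
    }
    return OPT_LEN;
}

/* Receiving side: validate the option and extract the (SnID, SID) pair. */
int dsm_parse_option(const uint8_t *opt, size_t len, uint32_t *snid, uint32_t *sid)
{
    if (len < OPT_LEN || opt[0] != OPT_TYPE_SEC || opt[1] != OPT_LEN) return -1;
    *snid = *sid = 0;
    for (int i = 0; i < 4; i++) {
        *snid = (*snid << 8) | opt[2 + i];
        *sid  = (*sid  << 8) | opt[6 + i];
    }
    return 0;
}

/* Conversion table NID = Fun(SnID, SID); constructed sample entries. */
static const struct { uint32_t snid, sid, nid; } conv[] = { {1, 2, 12}, {1, 3, 13}, {2, 2, 22} };

uint32_t dsm_nid_lookup(uint32_t snid, uint32_t sid)
{
    for (size_t i = 0; i < sizeof conv / sizeof conv[0]; i++)
        if (conv[i].snid == snid && conv[i].sid == sid) return conv[i].nid;
    return NID_UNKNOWN;     /* unknown node or sid: treat as unlabelled */
}
```

A packet whose option is malformed or whose (SnID, SID) pair is not in the table gets NID_UNKNOWN, so the local decision sees no usable label rather than a guessed one.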

  33. Demo Architecture
     Diagram: two cluster nodes, SnID2 and SnID1, one running a shell and a server (HTTP server), the other a shell and a client (HTTP client); on each node the socket and device resources sit above the node's hardware.
