security enhanced linux
play

Security Enhanced Linux Thanks to David Quigley History SELinux - PowerPoint PPT Presentation

Aug 30, 2023 •324 likes •764 views

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003:

  1. Security Enhanced Linux Thanks to David Quigley

  2. History

  3. SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003: 2.6 Linux Kernel (mainline) 2006: Full network labeling Present

  4. Concepts

  5. Type Enforcement  Object(s): items in a system that are acted upon (files, IPC, sockets, etc….)  Subject(s): process that are requesting access to an object  All Objects and Subjects contain a security context  Security Context(s) are composed of four parts  All Security Context components are checked against the policy to see if access is allowed.  Type is the base component while role and user are used to further restrict type enforcement

  6. Security Contexts system_u:object_r:passwd_exec_t:s0:c0.c2-s2:c0.c1 user:role:type:sensitivity[:category,…][ - sensitivity[:category,…]]

  7. TE Access Control allow user_t bin_t : file {read execute write getattr setattr}  Source type(s): The domain type of the process accessing the object  Target type(s): The type of the object being accessed by the process  Object class(es): The class of object to permit access to  Permission(s): The kind of access permitted for the indicated object class

  8. Domain Transitions  Analogous to SetUID programs  Joe running as user_t (untrusted user) needs to change his password. How does Joe change his password?  allow user_t passwd_exec_t : file {getattr execute}  allow passwd_t passwd_exec_t : file entrypoint (A process in one domain transitions to another domain by executing an application that has the entrypoint type for the new domain)  allow user_t passwd_t : process transition  Main idea: restricts trusted domain passwd_t and allows user_t to transition to it.  Implicit domain transitions provided via type_transition.

  9. Domain Transitions (explained) A user wants to change their password. /usr/bin/passwd is labeled with the passwd_exec_t type: ~]$ ls -Z /usr/bin/passwd -rwsr-xr-x root root system_u:object_r:passwd_exec_t:s0 /usr/bin/passwd /usr/bin/passwd accesses /etc/shadow, which is labeled with the shadow_t type: ~]$ ls -Z /etc/shadow -r--------. root root system_u:object_r:shadow_t:s0 /etc/shadow A policy rule states that processes running in the passwd_t domain are allowed to read and write to files labeled with the shadow_t type. The shadow_t type is only applied to files that are required for a password change: /etc/gshadow, /etc/shadow. A policy rule states that the passwd_t domain has entrypoint permission to the passwd_exec_t type. When a user runs the passwd application, the user's shell process transitions to the passwd_t domain. A rule exists that allows (among other things) applications running in the passwd_t domain to access files labeled with the shadow_t type. /usr/bin/passwd is allowed to access /etc/shadow, and update the user's password.

  10. Users & Roles  First and second component of a security context  SELinux usernames and DAC usernames are not synonymous  Semanage is used to maintain mappings of DAC to SELinux usernames.  Roles are collections of types geared towards a purpose  Roles can be used to further restrict actions on the system  SELinux usernames are granted roles in the system

  11. MLS  MLS portion of Security Context is composed of 4 parts  Low/High  Sensitivity/Category  Includes syntax to define dominance of security levels  Subjects with range of levels considered trusted subjects  Implements a variation of Bell-La Padula

  12. Architecture

  13. LSM  Kernel framework for security modules  Provides a set of hooks to implement further security checks  Usually placed after existing DAC checks and before resource access  Implications? SELinux check is not called if the DAC fails  Makes auditing difficult at times.

  14. SELinux LSM Module Policy Management User Space Interface Kernel Space Selinux Filesystem Various Kernel Access Cache Miss Security Server Object Vector (Policy Rules and LSM Yes or No? Managers Cache Access Decision Logic) Hooks SELinux LSM Module Figure taken from SELinux by Example

  15. Userspace Object Managers User-Space Object Manager Allow access? Access Vector Cache Yes or No? libselinux Policy Management User Space Interface Kernel Space Selinux Filesystem Access Security Server Cache Miss Vector (Policy Rules and Yes or No? Cache Access Decision Logic) Figure taken from SELinux by Example

  16. Policy Server Policy User-Space Load Management Object Manager User Policy Interface Policy User-Space Management Cache Miss? Access Security Server Vector Server Yes or No? Cache libselinux Policy Server User Space Kernel Space Selinux Filesystem Access Security Server Cache Miss Vector (Policy Rules and Yes or No? Cache Access Decision Logic) Figure taken from SELinux by Example

  17. Policy Language Policy Source Modules Checkpolicy policy.conf Classes and Permissions Binary Policy File Type Enforcement Make, Scripts, Statements load_policy M4, and so on (Types, TE Rules, Roles, Users) Kernel Space Selinux Filesystem Constraints Access Security Server Resource labeling Cache Miss Vector (Policy Rules and Specifications Yes or No? Cache Access Decision Logic) SELinux LSM Module Figure taken from SELinux by Example

  18. Networking

  19. Network Labeling  Three methods of labeling  netifcon (interface)  nodecon (host)  portcon (port)  Object classes for interfaces, sockets, nodes etc.

  20. Network Labeling: IPSEC/xfrm  Implicit packet labeling via IPSEC/xfrm. NETLINK_XFRM (xfrm = “transform”) provides an interface to manage the  IPsec security association and security policy databases. It is mostly used by Key Manager daemons when they are used in Internet Key Exchange protocol.  Security context stored in xfrm policy rules and states.  Authorize socket's use of policy based on context.  Build SAs with context of policy.  Included in Linux 2.6.16.

  21. Network Control: SECMARK  Motivation: Existing SELinux network controls very limited in expressiveness and coverage.  Solution: Separate labeling from enforcement.  Use iptables to select and label packets.  Use SELinux to enforce policy based on those labels.  SECMARK and CONNSECMARK targets added.  http://james-morris.livejournal.com/11010.html  For 2.6.18.

  22. Network Labeling: MLS enhancements  Granular IPSEC associations  Allow a single xfrm policy rule to cover a MLS range.  Instantiate individual SAs for individual levels within the range.  Flow labeling outside of socket context  Label based on origin when no socket involved (e.g. forward)  Label socket IPSEC policy from socket.  Label TCP child sockets from peer.  In progress, see redhat-lspp and netdev lists.

  23. Network Labeling: NetLabel  Explicit packet labeling via IP option.  Motivation: Compatibility with other trusted OSes.  Also avoids requiring use of iPSEC for labeling.  Also enables packet filtering based on the explicit labels.  Presently limited to CIPSO, MLS labels.  Code and info at http://free.linux.hp.com/~pmoore/projects/linux_cips o/

  24. SELinux Policy Language

  25. Object Classes  Represents resources of a certain kind  Policy must include declarations for all object classes  Classes  File related (blk_file,chr_file,dir,fd …)  Network related (socket, packet_socket, rawip_socket, …)  IPC related (ipc, msg, msgq, sem, shm)  Misc Classes (capability, process, security, system)

  26. Permissions  Specific to a particular Object Class  Includes traditional Linux permissions  Extends existing permissions to be finer grained  Includes SELinux specific permissions for labeling

  27. Type Enforcement  Several major keywords  type  attribute  typeattribute  typealias  allow  dontaudit  auditallow  neverallow  type_transition  type_change

  28. RBAC  Adds 2 components to security context  user  role  Adds 3 policy language keywords  allow (different than AVC allow)  role_transition (similar to type_transition)  dominance

  29. Multilevel Security  Policy Declares Levels and categories  applies constraints on objects and permissions with MLS dominance keywords  ==, !=, eq, dom, domby, incomp  mlsconstrain file {create relabelto } { l2 eq h2 }  mlsvalidatetrans transitions between levels  Still requires a lot of work

  30. Conditional Policies Allows enabling/disabling portions of policy  Booleans define in policy  Logical operations allowed  &&  ||  ^  !  ==  !=  Does not support nested conditionals  Booleans modified through special applications or SELinuxfs 

  31. Reference Policy Maintained by NSA and FC Mailing Lists  Compiles into three versions   Strict, Targeted, MLS Stats   Version .18  Object Classes 55  Common Permissions 3, Permission 205  Types 1589  allow 372755, auditallow 12, dontaudit 238663  type_transition 2657, type_change 68  roles 6, RBAC allow 6, role_transition 97, users 3  bools 70

  32. Userspace

  33. Components  checkpolicy  libselinux  libsemanage  libsepol  policycoreutils

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco

M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco

M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco Information Assurance Research G roup National Security Agency Co-author: Stephen D. Smalley, NAI Labs 1 roup Inform ation A ssurance R esearch G

476 views • 43 slides
Policy Analysis for Security-Enhanced Linux Beata Sarna-Starosta and Scott D. Stoller Computer

Policy Analysis for Security-Enhanced Linux Beata Sarna-Starosta and Scott D. Stoller Computer

Policy Analysis for Security-Enhanced Linux Beata Sarna-Starosta and Scott D. Stoller Computer Science Department State University of New York at Stony Brook http://www.cs.sunysb.edu/stoller/ 1 Security-Enhanced Linux (SELinux) SELinux =

695 views • 21 slides
Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National Security Agency (NSA) A set of patches using the Linux Security Modules (LSM) Hardening GNU/Linux systems with extra security policies and

349 views • 15 slides
Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables http://outflux.net/slides/2013/drupal/tunables.pdf R0Ng DrupalCon Portland 2013 Kees Cook <keescook@google.com> (pronounced Case) Who is

474 views • 33 slides
Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting SELinux to Mac OS X SELinux Symposium 2007 ELinux Symposium 2007 S Chris Vance Information Systems Security Operation, SPARTA, Inc.

700 views • 26 slides
Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security Dinosaur Smack Linux Security Module Manager Tizen and Linux Kernel Security 2 Tizen Linux based operating system Project of the Linux

486 views • 23 slides
TOMOYO Linux A Lightweight and Manageable Security System for PC and Embedded Linux

TOMOYO Linux A Lightweight and Manageable Security System for PC and Embedded Linux

CE Linux Forum Worldwide Embedded Linux Conference 2007 April 17-19, 2007 TOMOYO Linux A Lightweight and Manageable Security System for PC and Embedded Linux http://tomoyo.sourceforge.jp/ Toshiharu Harada Tetsuo Handa NTT DATA

654 views • 47 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 9 Linux Security & Logging Linux Security Real-World Linux Security RHEL

739 views • 41 slides
Basic Linux Original slides from GTFO Security outline Linux What it is? Commands

Basic Linux Original slides from GTFO Security outline Linux What it is? Commands

Basic Linux Original slides from GTFO Security outline Linux What it is? Commands Filesystem / Shell Package Management Services run on Linux mail dns web central authentication router

1.55k views • 23 slides
TOMOYO Linux News! A Lightweight and Manageable Security System for PC and Embedded Linux

TOMOYO Linux News! A Lightweight and Manageable Security System for PC and Embedded Linux

TOMOYO Linux News! A Lightweight and Manageable Security System for PC and Embedded Linux PDF version of ELC2007 slide is available: CE Linux Forum Wiki TomoyoLinux http://tree.celinuxforum.org/CelfPubWiki/TomoyoLinux (bookmark and

890 views • 48 slides
Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/lss/kspp.pdf Agenda Background Security in the context of

652 views • 52 slides
Linux Security State of Linux Security in 2016 Michael Boelen michael.boelen@cisofy.com DBLUG,

Linux Security State of Linux Security in 2016 Michael Boelen michael.boelen@cisofy.com DBLUG,

Linux Security State of Linux Security in 2016 Michael Boelen michael.boelen@cisofy.com DBLUG, 7 December 2016 Michael Boelen Open Source Lynis, Rootkit Hunter Business and Community Founder of CISOfy Board member and

454 views • 18 slides
Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux Distributions Linux vs Windows Linux Architecture Linux Security 2 What is Linux? Similar Operating System To Microsoft Windows, Sun

1.11k views • 55 slides
Linux Hardening Locking Down Linux To Increase Security Michael Boelen michael.boelen@cisofy.com

Linux Hardening Locking Down Linux To Increase Security Michael Boelen michael.boelen@cisofy.com

Linux Hardening Locking Down Linux To Increase Security Michael Boelen michael.boelen@cisofy.com s-Hertogenbosch, 1 March 2016 Meetup: Den Bosch Linux User Group Goals 1. Learn what to protect 2. Know some strategies 3. Learn tooling Focus

912 views • 60 slides
www.iapf.ie Def Defaul ult Fund Fund versus versus In Inve vestm stment Choice Choice Jam

www.iapf.ie Def Defaul ult Fund Fund versus versus In Inve vestm stment Choice Choice Jam

www.iapf.ie Def Defaul ult Fund Fund versus versus In Inve vestm stment Choice Choice Jam James Skehan Skehan Head of Head of Pensions, Pensions, New New Ire Irelan and Assurance Assurance Di Director, ctor, Gener General In Inve

831 views • 21 slides
Machine Learning - MT 2017 2. Mathematical Basics Christoph Haase University of Oxford October

Machine Learning - MT 2017 2. Mathematical Basics Christoph Haase University of Oxford October

Machine Learning - MT 2017 2. Mathematical Basics Christoph Haase University of Oxford October 11, 2017 About this lecture No Machine Learning without rigorous mathematics This should be the most boring lecture Serves as reference

868 views • 42 slides
Sparse and TV Kaczmarz solvers and the linearized Bregman method Dirk Lorenz, Frank Schpfer,

Sparse and TV Kaczmarz solvers and the linearized Bregman method Dirk Lorenz, Frank Schpfer,

Sparse and TV Kaczmarz solvers and the linearized Bregman method Dirk Lorenz, Frank Schpfer, Stephan Wenger, Marcus Magnor, March, 2014 Sparse Tomo Days, DTU Motivation Split feasibility problems Sparse Kaczmarz and TV-Kaczmarz Application

1.04k views • 67 slides
Portable, Scalable, per-Core P t bl S l bl C Power Estimation Sally A. McKee Chalmers

Portable, Scalable, per-Core P t bl S l bl C Power Estimation Sally A. McKee Chalmers

Portable, Scalable, per-Core P t bl S l bl C Power Estimation Sally A. McKee Chalmers University of Technology Chalmers University of Technology Why Care about Power? Packaging/cooling Operating costs Performance

665 views • 33 slides
Ethereum Transactions and Smart Contracts Prof. Tom Austin San Jos State University

Ethereum Transactions and Smart Contracts Prof. Tom Austin San Jos State University

Cryptocurrencies & Security on the Blockchain Ethereum Transactions and Smart Contracts Prof. Tom Austin San Jos State University Transactions Transactions Signed messages triggered by EOA Atomic If they fail, they roll back

536 views • 22 slides
INFO SESSION OCTOBER 2019 And now... TRIVIA! Where is this located? What country is this

INFO SESSION OCTOBER 2019 And now... TRIVIA! Where is this located? What country is this

Accepted Students INFO SESSION OCTOBER 2019 And now... TRIVIA! Where is this located? What country is this food from? Where is this located? What body of water is this? What country does this flag belong to? STARBURST GAME Orange:

641 views • 38 slides
CORRECTNESS CRITERIA FOR CONCURRENCY & PARALLELISM 2 6/16/2010

CORRECTNESS CRITERIA FOR CONCURRENCY & PARALLELISM 2 6/16/2010

1 6/16/2010 Correctness Criteria for Parallelism & Concurrency CORRECTNESS CRITERIA FOR CONCURRENCY & PARALLELISM 2 6/16/2010 Correctness Criteria for

956 views • 49 slides
By Jason Hahnstadt Offense is all about a5ack, assault,

By Jason Hahnstadt Offense is all about a5ack, assault,

By Jason Hahnstadt Offense is all about a5ack, assault, and surprise - striking the first blow. Offense must have the ability to force the

1.07k views • 53 slides

More recommend