selinux protected paths revisited
play

SELinux Protected Paths Revisited Trent Jaeger Department of - PowerPoint PPT Presentation

Feb 24, 2024 •376 likes •629 views

SELinux Protected Paths Revisited Trent Jaeger Department of Computer Science and Engineering Pennsylvania State University March 1, 2006 Department of Computer Science & Engineering 1 Talk Topics Mechanism for MAC enforcement between

  1. SELinux Protected Paths Revisited Trent Jaeger Department of Computer Science and Engineering Pennsylvania State University March 1, 2006 Department of Computer Science & Engineering 1

  2. Talk Topics  Mechanism for MAC enforcement between 2 machines  Labeled IPsec  Protected Paths  Are we ready?  Distributed System MAC  What else do we need?  Claims  Distributed enforcement: distributed, shared monitor  Trust in that enforcement: trust representation  Simplicity and scalability: can virtual machines help? Department of Computer Science & Engineering 2

  3. Mandatory Access Control Appl Appl Appl SELinux MAC Linux Kernel Policy Module Department of Computer Science & Engineering 3

  4. Mandatory Access Control Appl Appl Appl SELinux MAC X File Policy Module Linux Kernel Department of Computer Science & Engineering 4

  5. Network MAC System System X Appl Appl Appl Appl Appl Appl Linux Kernel SELinux MAC Linux Kernel SELinux MAC Module Policy Module Policy Department of Computer Science & Engineering 5

  6. Client-Server MAC Server Client Worker Appl Appl Appl Appl Appl Server Linux Kernel SELinux MAC Linux Kernel SELinux MAC Module Policy Module Policy Department of Computer Science & Engineering 6

  7. Location-independent MAC Base System Remote System Appl Appl New Appl Appl Master Create Linux Kernel SELinux MAC Linux Kernel SELinux MAC Module Policy Module Policy Department of Computer Science & Engineering 7

  8. Labeled IPsec Leverage IPsec Advantages  Secure communication  Easy to integrate to kernel MAC  Add MAC Labeling to IPsec  Control application access to IPsec “channels”  Can only send/receive with MAC permission  Results  Application to application control is possible  BLP controls between applications on different machines  Applications can use labeling information   Label child processes Part of Linux 2.6.16-rc* kernel  Will be in 2.6.16 kernel  Department of Computer Science & Engineering 8

  9. Client-Server Usage System System Worker Appl Appl Appl Appl Appl Appl Access Access OS Kernel MAC OS Kernel MAC Control Control Policy Policy Module Module (1) Black must be able to access green policy (among others) (2) Black can extract label of SA for socket (3) Prototyped using getsockopt(…, SO_PEERSEC) Department of Computer Science & Engineering 9

  10. Get Peer Label  TCP  Is a socket connected? (TCP_ESTABLISHED)  getsockopt(.. SO_PEERSEC ..)  dst_entry cache of socket (labeled SA)  UDP  Connectionless  Set IP_PASSSEC socket option  recvmsg now returns context as well  For UNIX stream, dgram (soon) and INET stream, dgram  Work by Catherine Zhang at IBM Research Department of Computer Science & Engineering 10

  11. Use Labels in Client Control  Network Services  vsftpd, xinetd  Get label using TCP method  Configuration  Get xinetd to use labels based on configuration  Storage Security  Proxy-based  Server proxy limits access based on client label  Server is trusted  Client proxy connects based on client label  Client proxy processes need not be trusted Department of Computer Science & Engineering 11

  12. Distributed MAC Goal  Protected Paths  From “Inevitability of Failure”  Direct, Authenticated Communication  Integrity-preserved from input to output  Get peer’s label reliably  Comparable to  Authenticated IPC  UNIX domain sockets  Where are we relative to achieving protected paths for real?  Are protected paths enough? Department of Computer Science & Engineering 12

  13. Protected Paths Operating Systems Operating Systems Window Manager Window Manager Application Application Xserver Xserver Network Department of Computer Science & Engineering 13

  14. Protected Paths Operating Systems Operating Systems Window Manager Window Manager Application Application Xserver Xserver Network MAC Label Department of Computer Science & Engineering 14

  15. Protected Paths Operating Systems Operating Systems Window Manager Window Manager Application Application Xserver Xserver Network Attest MAC Label User Department of Computer Science & Engineering 15

  16. Protected Path Challenges  User-to-Application  Xserver Control  Window Manager Control  Application-to-OS  Labeled IPsec  Application Control Using Label  OS-to-OS  Reference Monitoring  MAC Policy, Labeling  Remote Attestation, Building Trust from Secure Hardware Department of Computer Science & Engineering 16

  17. Existing Solutions  Distributed Policy Management  E.g., Tivoli Access Manager, Microsoft Windows Domains  Virtual Machine Systems  NetTop  Terra  Logic of Authentication  Taos and Secure Boot  Trust Management Systems  E.g., PolicyMaker, KeyNote, etc.  Trust Negotiation Department of Computer Science & Engineering 17

  18. Secure Coalition System  Recent IBM Technical Report -- RC23865  Work with J. McCune at CMU; S. Berger, R. Caceres, R. Sailer at IBM Research Department of Computer Science & Engineering 18

  19. Distributed, Shared Monitor  Distributed, Shared Reference Monitor  TPM attestation of each physical machine’s reference monitor  Common enforcement properties: monitoring, MAC policy Department of Computer Science & Engineering 19

  20. Virtual Machines  Advantages  Coarser-grained protections  Coarser-grained policy  Simpler reference monitor  VM per application (simplify policy within VM)  Challenges  Dynamic policy (Yin and Wang, USENIX 2005)  Doesn’t fix user-to-user (Nitpicker’s, ACSAC 2005)  Translate into client-specific rights (finer-grained)  Scalable construction, maintenance of trust Department of Computer Science & Engineering 20

  21. Building Trust  Build Trust in Other System’s Reference Monitoring  And MAC Policy  And Labeling of Subjects and Objects  Why is this necessary?  Internet-scale  Register TPM and physical protection, but a different admin  Administration errors  Misconfiguration of a machine  Malice  Compromised platform  Build trust from secure hardware up Department of Computer Science & Engineering 21

  22. Internet-Scale Distributed Systems  Simple Langauge of Trust  Limited by Reference Monitoring Properties  Monotonic Reasoning  Multiple Layers of Reasoning  Machine  Virtual Machine  Coalition  Building Systems to Test Soundness/Completeness  Web Hosting  Internet Suspend/Resume  Distributed Computations -- Student Testing Department of Computer Science & Engineering 22

  23. Summary  Aim: Network MAC to Distributed System MAC  Have IPsec MAC controls  What is an appropriate goal for distributed system MAC  Protected Paths plus Remote Attestation plus Virtual Machines?  Distributed, Shared Reference Monitor  Several Challenges Remain  Trust across systems  Compatibility (policy, labeling) across systems  Service awareness  Building all the way to the user Department of Computer Science & Engineering 23

  24. Questions?  Contact  Trent Jaeger, tjaeger@cse.psu.edu  Penn State SIIS Lab, siis.cse.psu.edu  www.cse.psu.edu/~tjaeger  DSRM prototype report  IBM Tech Report  RC23865 -- With McCune, Berger, Caceres, Sailer  Linux kernel  www.kernel.org  SELinux  www.nsa.gov/selinux Department of Computer Science & Engineering 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem

What is SELinux trying to tell me? The 4 key causes of SELinux errors. SELinux Problem Solutions 1.SELinux == Labeling 2.SELinux Needs to Know 3.SELinux Policy/Apps can have bugs. 4.You could be COMPROMISED!!!! SELinux == Labeling Every

611 views • 11 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

1.71k views • 60 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

693 views • 45 slides
SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What? SELinux is a MAC system for Linux Enabled by default on Fedora, RHEL Available on Ubuntu, Gentoo, Debian, etc Policies are available for

579 views • 16 slides
Dynamics Reading Group Optimal paths: Revisited Paul Ritchie Supervisor: Jan Sieber 19th

Dynamics Reading Group Optimal paths: Revisited Paul Ritchie Supervisor: Jan Sieber 19th

Dynamics Reading Group Optimal paths: Revisited Paul Ritchie Supervisor: Jan Sieber 19th November 2015 Paul Ritchie , Supervisor: Jan Sieber Optimal paths: Revisited 19th November 2015 Overview Stochastic differential equation: x = f (

345 views • 16 slides
Fully dynamic all-pairs shortest paths with worst-case update-time revisited Ittai Abraham 1 Shiri

Fully dynamic all-pairs shortest paths with worst-case update-time revisited Ittai Abraham 1 Shiri

Fully dynamic all-pairs shortest paths with worst-case update-time revisited Ittai Abraham 1 Shiri Chechik 2 Sebastian Krinninger 3 1 Hebrew University of Jerusalem 2 Tel-Aviv University 3 Max Planck Institute for Informatics Saarland Informatics

918 views • 65 slides
An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh bvba < toshaan@vantosh.com

An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh bvba < toshaan@vantosh.com

An Introduction to SELinux Toshaan Bharvani - VanTosh bvba Introduction How to use it SELinux states Managing SELinux FroSCon 2012 Policies 25 August 2012 The End An Introduction to SELinux Presentation Toshaan Bharvani - VanTosh

466 views • 29 slides
"Interesting" Paths = Shortest Paths? "Interesting" Paths Shortest Paths!

"Interesting" Paths = Shortest Paths? "Interesting" Paths Shortest Paths!

WiSP : Weighted Shortest Paths for RDF graphs Gonzalo Tartari, Aidan Hogan DCC, Universidad de Chile "Interesting" Paths = Shortest Paths? "Interesting" Paths Shortest Paths! (Many of the) Existing Approaches Enumerate

783 views • 52 slides
SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux

SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux

SENG: An Enhanced Policy SENG: An Enhanced Policy Language for SELinux Language for SELinux Paul Kuliniewicz <kuliniew@purdue.edu> CERIAS, Purdue University Overview Overview What's wrong with macros? Can we do better?

947 views • 60 slides
Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting SELinux to Mac OS X SELinux Symposium 2007 ELinux Symposium 2007 S Chris Vance Information Systems Security Operation, SPARTA, Inc.

700 views • 26 slides
Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales Counting idempotents Conclusions Algebra and logic of discrete paths 1 Luigi Santocanale LIS (team LIRICA), Aix-Marseille Universit e, France S

1.31k views • 108 slides
State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide

State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide

State of SELinux Paul Moore September 2017 Kernel Changes Obligatory Container Slide Individual file labeling for cgroup, cgroup2, and tracefs Allows for labels unique to each container, enabling SELinux enforced separation for these

482 views • 16 slides
Current Flight Paths Current Flight Paths Current approach and departure paths are all over

Current Flight Paths Current Flight Paths Current approach and departure paths are all over

Current Flight Paths Current Flight Paths Current approach and departure paths are all over water and avoid noise sensitive areas Flight paths are typically based on guidance from ground based navigational aids which result in linear

455 views • 13 slides
SELinux Example: I may chmod o+a the file containing 506 grades, which violates

SELinux Example: I may chmod o+a the file containing 506 grades, which violates

12/6/12 MAC vs. DAC By default, Unix/Linux provides Discretionary Access Control The user (subject) has discretion to set security policies (or not) SELinux Example: I may chmod o+a the file containing 506 grades,

412 views • 5 slides
SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type

SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type

SElinux filesystem filesystem labeling labeling SElinux and type enforcement and type enforcement November 13, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments

356 views • 24 slides
General Introduction to Protected Areas and IUCNs Role in Protected Areas Sub-Regional

General Introduction to Protected Areas and IUCNs Role in Protected Areas Sub-Regional

General Introduction to Protected Areas and IUCNs Role in Protected Areas Sub-Regional Workshop for West Asia and North Africa on Capacity Building for the Implementation of the CBD Programme of Work on Protected Areas Dubai, 16-20 April 2012

692 views • 31 slides
Leurr.com com: : Leurr. a worldwide distributed platform a worldwide distributed platform

Leurr.com com: : Leurr. a worldwide distributed platform a worldwide distributed platform

Leurr.com com: : Leurr. a worldwide distributed platform a worldwide distributed platform to study Internet threats to study Internet threats Deployed and and Managed Managed by by Deployed The Eurecom Eurecom Institute Institute

607 views • 31 slides
KDE@School (using FreeNX) aKademy 2007 3 rd of July Mario Fux The Overview The Demo The Me

KDE@School (using FreeNX) aKademy 2007 3 rd of July Mario Fux The Overview The Demo The Me

KDE@School (using FreeNX) aKademy 2007 3 rd of July Mario Fux The Overview The Demo The Me The School The Problem The Proposal The Present The Future The Evaluation The Statistics The End KDE@School -

652 views • 18 slides
TCP spoofing Alice trusts Bob (e.g., logins on Alice are allowed with no password if TCP

TCP spoofing Alice trusts Bob (e.g., logins on Alice are allowed with no password if TCP

TCP spoofing Alice trusts Bob (e.g., logins on Alice are allowed with no password if TCP connection comes from host Bob) Mallory wants to impersonate Bob when opening a TCP/IP: TCP TCP connection to Alice Steps M kills B (e.g.,

349 views • 3 slides
Introduction Bugs CL1 23: Definition Examples Getting it right and Algorithms

Introduction Bugs CL1 23: Definition Examples Getting it right and Algorithms

Introduction Bugs CL1 23: Definition Examples Getting it right and Algorithms getting it wrnog Foundation of computer programs All applications are programs Monday 13/11/2006 Software design Minimising the

419 views • 5 slides
Lecture 18 Java Graphics and GUIs Zach Tatlock / Spring 2018 The plan Today: introduction to

Lecture 18 Java Graphics and GUIs Zach Tatlock / Spring 2018 The plan Today: introduction to

CSE 331 Software Design and Implementation Lecture 18 Java Graphics and GUIs Zach Tatlock / Spring 2018 The plan Today: introduction to Java graphics and Swing/AWT libraries Then: event-driven programming and user interaction None of this is

310 views • 30 slides
19 Final thoughts CS 2043: Unix Tools and Scripting, Spring 2019 [1] Matthew Milano March 8,

19 Final thoughts CS 2043: Unix Tools and Scripting, Spring 2019 [1] Matthew Milano March 8,

19 Final thoughts CS 2043: Unix Tools and Scripting, Spring 2019 [1] Matthew Milano March 8, 2019 Cornell University 1 Table of Contents 1. Back to desktop environments 2. Linux everywhere 3. Linux everywhere 2 Back to desktop

190 views • 16 slides
The Window Manager Construction Toolkit KWin goes Scripting Martin Gr alin

The Window Manager Construction Toolkit KWin goes Scripting Martin Gr alin

The Window Manager Construction Toolkit KWin goes Scripting Martin Gr alin mgraesslin@kde.org Akademy 2012 01.07.2012 Agenda 1 History of KWin Scripting 2 Scriptable Types of KWin 3 Influence on Codebase 4 Example of 3rd Party Usage 5

603 views • 49 slides
Vim on Your Own System OS X Included; open a terminal and enter vim Linux Included or in package

Vim on Your Own System OS X Included; open a terminal and enter vim Linux Included or in package

Session 4: tmux P . S. Langeslag 8 November 2018 Vim on Your Own System OS X Included; open a terminal and enter vim Linux Included or in package repositories; install the gvim package for full clipboard functionality Windows Download fsom

805 views • 32 slides

More recommend