SELinux
Wikipedia says:
Security-Enhanced Linux (SELinux) is an implementation
of mandatory access control using Linux Security
Modules (LSM) in the Linux kernel, based on the
principle of least privilege. It is not a Linux distribution,
but rather a set of modifications that can be applied to
Unix-like operating systems, such as Linux and BSD.
What is SELinux?
A kernel level MAC (Mandatory Access Control) implementation for Linux
Originally commissioned and built by/for the NSA
A headache for the uninitiated
Very effective if done right
Not the usual case BTW
One of three well known MAC implementations
Trusted Solaris
Mainframe “Top Secret” and RACF.
Top Secret is a product of Computer Associates
RACF – Resource Access Control Facility
RACF is the access control system used by IBM on its mainframe line of computers
Access Control Philosophies
MAC: Mandatory Access Control
Cannot be worked around
I own it, not you.
Ex: Directory “Secret” is owned by “Agent”. “Agent” does not have
authority to grant access to others. Only the “Owner” does.
DAC: Discretionary Access Control
It’s yours, do what you will.
Same example: “Agent” can grant access to whomever she cares.
RBAC: Role Based Access Control
Depending on what your role is, maybe.
If “Agent” has the correct Role, she can, otherwise she can’t.
SELinux past tense.
Auditing and reporting support very limited and poorly
integrated in SELinux.
One big ugly policy.
No decent interface for managing policies.
SLIDE (new tool)
Building policies was a flat file hack style.
Fresh files got no label. You had to comb the system to find and
label them manually.
Poor scalability with SMP.
Recent improvements.
FC4 policy now has over 120 confined domains, updates in Hardened Gentoo, and
support being mainstreamed into Debian.
Multi-Level Security support enhanced and mainstreamed.
Audit system enhanced and increasingly integrated.
RHEL5 entered into evaluation against CAPP (Controlled Access Protection
Profile), LSPP (Labeled Security Protection Profile), and RBAC (Role Based
Access Control) with SELinux coverage.
Loadable policy modules, build and package policy modules separately.
Policy management API (libsemanage)
Improved support for policy development: Polgen, SEEdit, SLIDE, CDS
Framework.
Atomic labeling of new files.
File security labels visible for all filesystems exactly as seen by SELinux.
Major improvements in SMP scalability.
Significant reduction in kernel memory use by policy.
Who Cares?
National Security Administration
Researchers in the Information Assurance Research Group of the National Security
Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a
strong, flexible mandatory access control architecture based on Type Enforcement,
a mechanism first developed for the LOCK system. The NSA and SCC developed
two Mach-based prototypes of the architecture: DTMach and DTOS. The NSA and
SCC then worked with the University of Utah's Flux research group to transfer the
architecture to the Fluke research operating system. During this transfer, the
architecture was enhanced to provide better support for dynamic security policies.
This enhanced architecture was named Flask. The NSA has now integrated the
Flask architecture into the Linux operating system to transfer the technology to a
larger developer and user community.
- NSA Website
What’s the point?
Primarily for Government
Systems containing certain classifications of data are
required to run under a MAC solution.
Required for/on many government contracts
Helps with audits
Though not necessary, a MAC solution can make many of
today’s corporate audits MUCH easier.
Terminology:
Subject:
A domain or process.
Object:
A resource (file, directory, socket, etc.).
Types:
A security attribute for files and other objects.
Roles:
A way to define what “types” a user can use.
Identities:
Like a username, but specific to SELinux.
Contexts:
Using a type, role and identity is a “Context.”
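How the terms above fit together, and why MAC "cannot be worked around" by a file's owner, shown as an added example that is not part of the original slides. The contexts, the allow rules and the role table are constructed for illustration; the optional fourth field is the MLS level.

```python
from typing import NamedTuple

class Context(NamedTuple):
    identity: str  # SELinux identity, e.g. system_u
    role: str      # e.g. system_r; files conventionally carry object_r
    type: str      # the domain of a subject, or the type of an object
    level: str     # optional MLS level; "" when the context has none

def parse_context(text: str) -> Context:
    """Split 'identity:role:type[:level]'. The level may itself contain ':'."""
    parts = text.strip().split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not a security context: {text!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else "")

# Constructed rules: (subject domain, object type, object class) -> permissions.
ALLOW = {
    ("httpd_t", "httpd_sys_content_t", "file"): {"getattr", "open", "read"},
    ("httpd_t", "httpd_log_t", "file"): {"getattr", "open", "append"},
}
# Constructed role table: the types (domains) each role may use.
ROLE_TYPES = {"system_r": {"httpd_t"}, "user_r": {"user_t"}}

def mac_allows(subject: str, obj: str, tclass: str, perm: str) -> bool:
    """Type enforcement with default deny: no matching rule means no access."""
    s, o = parse_context(subject), parse_context(obj)
    if s.type not in ROLE_TYPES.get(s.role, set()):
        return False  # the role is not authorized for this domain
    return perm in ALLOW.get((s.type, o.type, tclass), set())

def access(subject: str, obj: str, tclass: str, perm: str, dac_ok: bool) -> bool:
    """An operation succeeds only if DAC and MAC both permit it."""
    return dac_ok and mac_allows(subject, obj, tclass, perm)

if __name__ == "__main__":
    web = "system_u:system_r:httpd_t:s0"
    for obj, perm in [
        ("system_u:object_r:httpd_sys_content_t:s0", "read"),
        ("system_u:object_r:httpd_sys_content_t:s0", "write"),
        ("system_u:object_r:shadow_t:s0", "read"),  # mode bits are irrelevant here
    ]:
        verdict = "allowed" if access(web, obj, "file", perm, dac_ok=True) else "denied"
        print(f"{web} -> {perm} {obj}: {verdict}")
```

On a real system the same fields appear in the output of `ls -Z`, `ps -Z` and `id -Z`.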
...
Average Gamer, etc
SysAdmin, Architect, etc
Cracker/Malicious Type
Hobbyist/Enthusiast
How it applies
Well, it pretty well doesn’t
At this point, the only folks directly impacted by SELinux are those who manage the boxes, audit the boxes, or try to hack the boxes that are running it
Indirectly: you can sleep better
Corporate Systems Guy
A *REALLY* big pain
That... *REALLY* big help
Compliance sucks
Being able to produce the type of reporting available with SELinux is great
For systems running multiple clients or other entity types, think of it as a chroot jail that you can wrap around most anything
An opportunity for training dollars
“Hey boss, this stuff is a real trick!”
Cracker/Malicious Type
Today, extremely annoying
A new (well, kind of anyway)
[...]... (Discretionary Access Control) or RBAC
Granted, a lot tighter than DAC, and has many similarities to RBAC
Reference material:
The NSA Site: http://www.nsa.gov/selinux/
The Wikipedia reference: http://en.wikipedia.org/wiki/SELinux
Heh, a “symposium”: http://selinux-symposium.org/
Date posted: 29/03/2014, 15:20