18-01-2013, 03:49 PM
SELinux Security Enhanced Linux
A Brief History
Originally started by the Information Assurance Research Group of the NSA, working with Secure Computing Corporation.
Built on a strong, flexible mandatory access control architecture that uses Type Enforcement, a mechanism first developed for the LOCK system.
Originally started as two prototypes, DTMach and DTOS, which were eventually transferred over to the Fluke research operating system.
Eventually the architecture was enhanced and renamed Flask. The NSA has now integrated the Flask architecture with Linux (SELinux).
What is the Idea behind SELinux?
An example of how mandatory access controls can be added to Linux (confining the actions of a process, including a superuser process).
The security mechanisms implemented in the system provide flexible support for a wide range of security policies.
Make it possible to configure the system to meet a wide range of security requirements.
Documentation and source code are provided.
How do I get SELinux?
It comes as an installation option when you install a number of Linux distributions.
The latest release is also available from the NSA website http://www.nsa.gov/selinux/code/download-stable.cfm for download, along with documentation, all of the different libraries and the policy compiler.
The release includes a general-purpose security policy configuration designed to meet a number of security objectives; it can be used as an example to start from.
Due to the flexibility of the system, the security policy can be modified and extended to customize it for any given installation.
Mandatory Access Control (MAC)
A means of restricting access to objects based on the sensitivity of the information contained in the objects and on whether the subject requesting access is authorized to access information of such sensitivity.
Authorization is based on prerequisites being met, resulting in an individual gaining access.
Makes it possible to deny users full control over access to the resources that they create.
Access control is based on the compatibility of the security properties of the data and the clearance properties of the individual.
Type Enforcement
In order to grant access to something, an allow rule must be created, such as:
allow user_t bin_t : file {read execute getattr};
This means a process with a domain type of user_t can read, execute, or get attributes for a file object with a type of bin_t. The “_t” suffix has no special significance.
This rule might be in a policy to allow users to execute shell programs such as the bash shell (/bin/bash).
Another Option:
In addition to Type Enforcement, SELinux also provides a form of role-based access control (RBAC).
Roles build on type enforcement to limit the types to which a process may transition based on the role identifier in the process' security context.
Using roles is just a way to be even more specific about what access rights are given.
Conclusion
When used properly, SELinux can make a system much more secure.
A user is confined to being able to do only what has been defined in the SELinux policy.
There are a few different routes that can be used to achieve the desired level of security using SELinux.
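The "Type Enforcement" and "Another Option" sections above, as an added example that is not part of the original post or of SELinux itself: a simplified Python model of the access decision, with default deny, no use of the Linux uid, and a role check before the type check. Apart from the allow rule quoted above, the policy lines, the type names (user_home_t, shadow_t) and the function names are assumptions made for illustration.

```python
import re

# Constructed sample policy. Only the first rule comes from the text above;
# the second rule and the role statement are assumptions for illustration.
POLICY = """
allow user_t bin_t : file {read execute getattr};
allow user_t user_home_t : file { read write getattr };
role user_r types user_t;
"""

ALLOW_RE = re.compile(r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{([^}]*)\}\s*;")
ROLE_RE = re.compile(r"\brole\s+(\w+)\s+types\s+(\w+)\s*;")


def load_policy(text):
    """Return (allow, roles): allow maps (source, target, class) to a set
    of permissions; roles maps a role to the domain types it may enter."""
    allow, roles = {}, {}
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        allow.setdefault((src, tgt, cls), set()).update(perms.split())
    for role, domain in ROLE_RE.findall(text):
        roles.setdefault(role, set()).add(domain)
    return allow, roles


def check_access(policy, context, target_type, cls, perm):
    """Decide one request for a process whose context is 'user:role:type'.
    The uid is never consulted, so a root process is confined as well."""
    allow, roles = policy
    _user, role, domain = context.split(":")
    # RBAC layer: the role must be authorized for the process's domain type.
    if domain not in roles.get(role, set()):
        return False
    # Type Enforcement: default deny unless an allow rule grants the permission.
    return perm in allow.get((domain, target_type, cls), set())


if __name__ == "__main__":
    policy = load_policy(POLICY)
    requests = [
        ("root:user_r:user_t", "bin_t", "file", "execute"),   # granted by rule
        ("root:user_r:user_t", "bin_t", "file", "write"),     # perm not listed
        ("root:user_r:user_t", "shadow_t", "file", "read"),   # no rule at all
        ("root:sysadm_r:user_t", "bin_t", "file", "read"),    # role not authorized
    ]
    for ctx, tgt, cls, perm in requests:
        verdict = "allowed" if check_access(policy, ctx, tgt, cls, perm) else "denied"
        print(f"{ctx} -> {tgt}:{cls} {perm}: {verdict}")
```

The real SELinux security server also evaluates constraints, user-to-role authorization and type transitions, which this model leaves out.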