You are on page 1of 15

SELinux

such as Linux and BSD. SELinux 2 . based on the principle of least privilege. It is not a Linux distribution. but rather a set of modifications that can be applied to Unixlike operating systems.Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel.

   Top Secret is a product of Computer Associates RACF – Resource Access Control Facility RACF is the access control system used by IBM on its mainframe line of computers SELinux 3 .What is SELinux?      A kernel level MAC (Mandatory Access Control) implementation for Linux Originally commissioned and built by/for the NSA A head-ache for the uninitiated Very effective if done right  Not the usual case BTW One of three well known MAC implementations  Trusted Solaris  Mainframe “Top Secret” and RACF.

DAC: Discretionary Access Control  It’s yours. do what you will.Access Control Philosophies    MAC: Mandatory Access Control  Cannot be worked around  I own it. not you. otherwise she can’t. SELinux 4 .  Same example: “Agent” can grant access to whomever she cares.  If “Agent” has the correct Role. RBAC: Role Based Access Control  Depending on what your role is. “Agent” does not have authority to grant access to others. maybe. Only the “Owner” does.  Ex: Directory “Secret” is owned by “Agent”. she can.

Fresh files got no label. No decent interface for managing policies.     SLIDE (new tool) Building policies was a flat file hack style. SELinux 5 .    Auditing and reporting support very limited and poorly integrated in SELinux. You had to comb the system to find and label them manually.SELinux past tense. One big ugly policy. Poor scalability with SMP.

build and package policy modules separately. MultiLevel Security support enhanced and mainstreamed. Atomic labeling of new files. Major improvements in SMP scalability.Recent improvements. and support being mainstreamed into Debian. CDS Framework. Policy management API (libsemanage) Improved support for policy development: Polgen. Audit system enhanced and increasingly integrated. Loadable policy modules. SLIDE. SELinux 6 . File security labels visible for all filesystems exactly as seen by SELinux. LSPP (Labeled Security Protection Profile) . Significant reduction in kernel memory use by policy. SEEdit. and RBAC (Role Based Access Control) with SELinux coverage. updates in Hardened Gentoo. RHEL5 entered into evaluation against CAPP (Controlled Access Protection Profile).            FC4 policy now has over 120 confined domains.

Who Cares? .

flexible mandatory access control architecture based on Type Enforcement. During this transfer. The NSA and SCC then worked with the University of Utah's Flux research group to transfer the architecture to the Fluke research operating system.NSA Website SELinux 8 . the architecture was enhanced to provide better support for dynamic security policies. The NSA and SCC developed two Mach-based prototypes of the architecture: DTMach and DTOS. a mechanism first developed for the LOCK system. . This enhanced architecture was named Flask.National Security Administration Researchers in the Information Assurance Research Group of the National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong. The NSA has now integrated the Flask architecture into the Linux operating system to transfer the technology to a larger developer and user community.

Required for/on many government contracts Helps with audits  Though not necessary.What’s the point?  Primarily for Government    Systems containing certain classifications of data are required to run under a MAC solution. a MAC solution can make many of today’s corporate audits MUCH easier. SELinux 9 .

but specific to SELinux.” SELinux 10 .  Object: A resource (file.).  Contexts: Using a type.  Roles: A way to define what “types” a user can use. socket.Terminology:  Subject: A domain or process. role and identity is a “Context.  Types: A security attribute for files and other objects. directory. etc.  Identities: Like a username.

Average Gamer. SysAdmin. etc. etc. Cracker/Malicious Type SELinux 11 .How does this apply to “you”?  Let’s define “you” first:  Hobbiest/Enthusiest   Corporate systems guy   Students. Architect.

or try to hack the boxes that are running it. the only folks directly impacted by SELinux are those who manage the boxes. audit the boxes. it pretty well doesn’t. At this point.Hobbiest/Enthusiest  How it applies    Well. Indirectly: you can sleep better SELinux 12 .

An opportunity for training dollars -.  That whole “minimum privileges” thing can suck when you get into the details. A *REALLY* big help.  Compliance sucks. this stuff is a real trick!” SELinux 13 . Being able to produce the type of reporting available with SELinux is great.Corporate Systems Guy    A *REALLY* big pain. think of it as a chroot jail that you can wrap around most anything.  For systems running multiple clients or other entity types.“Hey boss.

Granted.  A new (well.Cracker/Malicious Type  Today. Very few corporate shops are running it today. just like DAC (Discretionary Access Control) or RBAC. kind of anyway) puzzle to tinker with. and has many similarities to RBAC.  Still just another control model. extremely annoying.  Not really a big deal unless they’re working against government systems. a lot tighter than DAC. SELinux 14 .

org/wiki/SELinux Heh.nsa.org/ SELinux 15 .wikipedia.Reference material:    The NSA Site: http://www.gov/selinux/ The Wikipedia reference: http://en. a “symposium”: http://selinux-symposium.