SE Linux

1
SE Linux

• An Overview
• Rick Anderson
• Pat Demko

2
Origins

• NSA research
• Security enhanced Linux kernel
• Implements Mandatory Access Control policies
• RBAC
• Type Enforcement
• Multi-level security

3
How the Bomb was Dropped
January 2001 the NSA introduces a
Security-Enhanced version of the Linux 2.2
kernal. Open source code was introduced along
with designing documentation!!! THE NSA DOES NOT
DO THIS!!! Its like the Pope inviting everyone
over to his place to watch a soccer game and have
a few beers (Secure Electronics Transactions)
4
What were the goals??

• Not to be focused on just Crypto
• Incorporate Crypto with MAC policies
• Increase policy flexibilities
• Separation of enforcement from policy decisions

• They want a crypto policy that is flexible
• Just like the system security policy is.
• Crypto isnt always required, so lets be
  flexible
• Look at the security context.

5
Architecture Overview

• Not the standard, rather, it is included in the
  standard. (IBM.com)
• The Flask architecture
• Security policy is in a separate component of the
  OS
• Known as the Security Server
• Hybrid of Type Enforcement, RBAC and multilevel
  security (MLS)

6
Flask Architecture
7
Security Server

• Provides a SID only for LEGAL
• User
• Role
• Type
• MLS range
• Legal established by security policy
  configuration

8
Object Managers

• Consult SS to get an access decision
• Based on a pair of labels
• Subject and object labels
• Objects class
• Define a mechanism for assigning labels to their
  objects.
• No policy-specific logic in object managers.

9
SID Updates

• Runtime changes in security policy
• SS updates SID mapping by canceling SIDs that
  are no longer authorized
• Permanent integer SID (PSID) is put with a file
  and mapped to a security label.
• Flask labels and controls file descriptions.

10
Privileges

• When a program is executed, privileges can change
• Permissions could be removed from dangerous
  programs
• Roles, Roles, Roles!!!!

11
The Many faces of SID

• Associated with a file
• Used in creation of a file
• This is different for when file is in use!
• Lets us check the access to a files parent
  directory

• Type/Domain distinction??? NOPE
• A domain is a typebut is associated with a
  process
• So, you can separate permissions for a process

12
Roles

• Defined in the configuration
• Each process has a role associated with it
• System_r role
• User_r role

13
Summary

• Policy configuration goals
• Control raw access to data
• Protect integrity of kernel and software
• Protecting a process from running malicious code
• Confining damages
• Protect Admin role from entry without
  authentication

14
Final Remarks

• What is not expressly permitted is FORBIDDEN!!
• Exactly what we want in a security system- No
  Gray areas

15
Sources

• http//www.nsa.gov/selinux
• http//www-128.ibm.com/developerworks/library/s-se
  linux
• http//www-128.ibm.com/developerworks/library/s-se
  linux2