
SELinux

Wikipedia says:
Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD.


What is SELinux?

A kernel level MAC (Mandatory Access Control) implementation for Linux


Originally commissioned and built by/for the NSA
A headache for the uninitiated
Very effective if done right
Not the usual case BTW
One of three well-known MAC implementations
Trusted Solaris
Mainframe Top Secret and RACF.

Top Secret is a product of Computer Associates


RACF: Resource Access Control Facility

RACF is the access control system used by IBM on its mainframe line of computers.


Access Control Philosophies

MAC: Mandatory Access Control


Cannot be worked around
I own it, not you.
Ex: Directory Secret is owned by Agent. Agent does not have authority to grant access to others. Only the Owner does.
DAC: Discretionary Access Control
It's yours, do what you will.
Same example: Agent can grant access to whomever she cares to.
RBAC: Role Based Access Control
Depending on what your role is, maybe.
If Agent has the correct Role, she can, otherwise she can't.


SELinux past tense.

Auditing and reporting support very limited and poorly integrated in SELinux.
One big ugly policy.
No decent interface for managing policies.

SLIDE (new tool)

Building policies was done flat-file hack style.
Fresh files got no label. You had to comb the system to find and label them manually.
Poor scalability with SMP.


Recent improvements.

FC4 policy now has over 120 confined domains, updates in Hardened Gentoo, and support being mainstreamed into Debian.
Multi-Level Security support enhanced and mainstreamed.
Audit system enhanced and increasingly integrated.
RHEL5 entered into evaluation against CAPP (Controlled Access Protection Profile), LSPP (Labeled Security Protection Profile), and RBAC (Role Based Access Control) with SELinux coverage.
Loadable policy modules: build and package policy modules separately.
Policy management API (libsemanage).
Improved support for policy development: Polgen, SEEdit, SLIDE, CDS Framework.
Atomic labeling of new files.
File security labels visible for all filesystems exactly as seen by SELinux.
Major improvements in SMP scalability.
Significant reduction in kernel memory use by policy.


Who Cares?

National Security Administration


Researchers in the Information Assurance Research Group of the National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on Type Enforcement, a mechanism first developed for the LOCK system. The NSA and SCC developed two Mach-based prototypes of the architecture: DTMach and DTOS. The NSA and SCC then worked with the University of Utah's Flux research group to transfer the architecture to the Fluke research operating system. During this transfer, the architecture was enhanced to provide better support for dynamic security policies. This enhanced architecture was named Flask. The NSA has now integrated the Flask architecture into the Linux operating system to transfer the technology to a larger developer and user community.
- NSA Website


What's the point?

Primarily for Government

Systems containing certain classifications of data are required to run under a MAC solution.
Required for/on many government contracts

Helps with audits

Though not necessary, a MAC solution can make many of today's corporate audits MUCH easier.


Terminology:

Subject: A domain or process.

Object: A resource (file, directory, socket, etc.).

Types: A security attribute for files and other objects.

Roles: A way to define what types a user can use.

Identities: Like a username, but specific to SELinux.

Contexts: The combination of a type, role and identity is a Context.
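
The terms above, tied together in an added example that is not part of the original slides: it parses contexts in the user:role:type[:level] form and makes a type-enforcement decision for a subject acting on an object. It is a simplified model, not the kernel's implementation; the rule tables are constructed for illustration and MLS constraints are not evaluated.

```python
from typing import NamedTuple

class Context(NamedTuple):
    user: str   # SELinux identity
    role: str
    type: str   # the domain, when the context belongs to a process
    level: str  # MLS/MCS level or range; empty when none is present

def parse_context(text: str) -> Context:
    # Split at most three times: the level field itself may contain ':'
    # (for example "s0-s0:c0.c1023").
    parts = text.strip().split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not a user:role:type[:level] context: {text!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else "")

# Constructed sample policy, not taken from any shipped policy.
ROLE_TYPES = {"system_r": {"httpd_t"}, "staff_r": {"staff_t"}}
ALLOW = {
    ("httpd_t", "httpd_sys_content_t", "file"): {"read", "getattr", "open"},
    ("staff_t", "user_home_t", "file"): {"read", "write", "getattr", "open"},
}

def is_allowed(subject: str, obj: str, tclass: str, perm: str) -> bool:
    s, o = parse_context(subject), parse_context(obj)
    # The role must be authorized for the subject's type (domain).
    if s.type not in ROLE_TYPES.get(s.role, set()):
        return False
    # Type enforcement: default deny unless an allow rule grants the permission.
    # File ownership never enters the decision, which is what makes it mandatory.
    return perm in ALLOW.get((s.type, o.type, tclass), set())

if __name__ == "__main__":
    web = "system_u:system_r:httpd_t:s0"  # constructed subject context
    for target, perm in [
        ("system_u:object_r:httpd_sys_content_t:s0", "read"),
        ("system_u:object_r:httpd_sys_content_t:s0", "write"),
        ("system_u:object_r:shadow_t:s0", "read"),
    ]:
        print(target, perm, is_allowed(web, target, "file", perm))
```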


How does this apply to you?

Let's define you first:

Hobbyist/Enthusiast
Students, Average Gamer, etc.

Corporate systems guy
SysAdmin, Architect, etc.

Cracker/Malicious Type


Hobbyist/Enthusiast

How it applies

Well, it pretty well doesn't.
At this point, the only folks directly impacted by SELinux are those who manage the boxes, audit the boxes, or try to hack the boxes that are running it.

Indirectly: you can sleep better


Corporate Systems Guy

A *REALLY* big pain.
That whole minimum privileges thing can suck when you get into the details.
A *REALLY* big help.
Compliance sucks. Being able to produce the type of reporting available with SELinux is great.
For systems running multiple clients or other entity types, think of it as a chroot jail that you can wrap around most anything.
An opportunity for training dollars -- Hey boss, this stuff is a real trick!

Cracker/Malicious Type

Today, extremely annoying.

A new (well, kind of anyway) puzzle to tinker with.

Not really a big deal unless they're working against government systems.
Very few corporate shops are running it today.

Still just another control model, just like DAC (Discretionary Access Control) or RBAC. Granted, a lot tighter than DAC, and has many similarities to RBAC.


Reference material:

The NSA Site:
http://www.nsa.gov/selinux/
The Wikipedia reference:
http://en.wikipedia.org/wiki/SELinux
Heh, a symposium:
http://selinux-symposium.org/
