![]() SELinux implements MAC through the use of Type Enforcement (TE), Role Based Access Controls (RBAC), and Multi-Level Security (MLS). It has since been ported to a module that hooks into the Linux Security Module framework and is now included in 2.6 kernels. SELinux was originally a kernel patch developed by the NSA to add MAC to the Linux kernel. Now let’s take a brief look at some of the projects that add MAC to Linux. By one day gaining Orange Book B1-level certification, Linux can be more widely used in government. These criteria are laid out in the DOD publication “Trusted Computer System Evaluation Criteria,” otherwise known as the Orange Book (due to the color of its cover). With MAC, file and process protection is independent of owners.Īll of the above are requirements to meet the Department of Defense criteria for “trusted” operating systems. Once these policies are in place, users cannot override them, even if they have root privileges. Security policies can be set by the system owner and implemented by a system or security administrator. MAC makes the enforcement of security policies mandatory instead of discretionary, as you might imagine from the name Mandatory Access Control. If the root account, or a process that runs with its privileges, is compromised, an attacker can take control of the system and its data.Ī more secure approach would limit or even eliminate the need for a root account, and shift the power from the user accounts to the owner of the system. ![]() This super-user has the power to control all files and processes. However, the biggest concern with the Linux model is the danger presented by the root account. The owner of the system does not have total control over the system the users do. In this model, users control the data at their discretion. If a user owns a file, he is allowed to set the read, write, and execute permissions for that file. The security model used by most mainstream operating systems is based on Discretionary Access Control (DAC), which enforces security by ownership. All of these projects are open-source and licensed under the GPL. ![]() The Rule Set Based Access Control (RSBAC) project, the Linux Intrusion Detection System (LIDS), and grsecurity are other popular projects with the same goal. The most well-known of these projects is Security Enhanced Linux (SELinux), which was developed by the U.S. Fortunately, there are a few projects aiming to solve this problem by providing a more robust security model for Linux by adding Mandatory Access Control (MAC) to the kernel. Partition users into classes based on position, clearance, etc.Some in the security industry say that Linux is inherently insecure, that the way Linux enforces security decsions is fundamentally flawed, and the only way to change this is to redesign the kernel.Authorization limits for legitimate users.Encryption, sanitization, virus scanning.Split processing into small, minimally trusted stages.Ensure that data is processed as required.Limit each program to only what is required for its purpose.Prevent exploit of flaw in program from escalating privilege.Safely run code of uncertain trustworthiness.Protect against unauthorized modifications.System, application, and data integrity.Separate data based on confidentiality/integrity/purpose.This limits the ability of the system to offer protection based on the function and trustworthiness of the code, to correctly manage permissions required for execution, and to minimize the likelihood of malicious code execution. It fails to tightly control the relationship between a subject and the code it executes. MLS provides poor support for data and application integrity, separation of duty, and least privilege requirements. ![]() This traditional approach is too limiting to address many security requirements in a modern computing world. Security levels on subjects are called clearances.Security levels on objects are called classifications.Traditional MAC mechanisms have been designed to mainly prevent information leaks, and confined to a multi-level security (MLS) policy which bases its decisions on the classification of objects and the clearances of subjects.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |