
SELinux



Context

  • Cyber security is all about managing risk

  • Five principles of security:

    1. Know your system
    2. Principle of least privilege -- don't give a process more privilege than it needs --> this is what SELinux enforces
    3. Defence in depth -- build multiple layers of defence
    4. Protection is key, but detection is a must
    5. Know your enemy -- cover all cases
  • Most operating systems use what is called Discretionary Access Control (DAC) to control how processes interact with files and how processes interact with each other

  • On an OS using DAC, users control the permissions of the files they own

  • The kernel enforces access control decisions based on these user-settable security properties (owner, group and permission bits)

  • This ordinary security policy is too simplistic and gives no way to enforce least privilege: a process gets every permission of the user who started it, whether it needs them or not

  • SELinux adds Mandatory Access Control (MAC) to the Linux kernel

  • A general-purpose MAC architecture needs the ability to enforce an administratively-set security policy over all processes and files in the system, basing decisions on labels containing a variety of security-relevant information


MAC vs DAC

  • In a DAC model, decisions about files and resources are based solely on user identity and ownership of the objects

  • Each user, and every program run by that user, has complete discretion over the user's objects

  • Malicious, flawed, or misconfigured software can do anything with the files and resources it controls through the user that started the process

  • If the user is the superuser, or the application is setuid or setgid root, the process has root-level control over the entire file system

  • A MAC system does not suffer from these problems: the security manager can administratively define a security policy over all processes and objects

  • Interactions between processes and objects, and between processes themselves, are controlled through the kernel security module

  • Decisions by the kernel security module are based on all the security-relevant information available from the policy, not just the authenticated user identity

  • MAC allows you to provide granular permissions for all users, programs, processes, files, directories, devices, sockets, ports, FIFOs, etc.


SELinux

  • All processes and files are labelled with a type. For a process the type is called its domain; for a file it is the file's label.

  • Running in their own domains separates processes from each other, and SELinux policy rules define how processes interact with files, as well as how processes interact with each other.

  • Access is only allowed if an SELinux policy rule exists that specifically allows it. There is no "deny" rule to look for: the absence of an allow rule is the denial (default deny).

  • SELinux implements fine-grained access control.

  • SELinux policy is not set at user discretion but is administratively fixed and enforced system-wide.

  • SELinux combines three forms of access control, and the shipped policies use them to different degrees:

    1. Type Enforcement (TE) -- the primary mechanism; every allow rule names a source type, a target type, an object class and the permissions granted
    2. Role-Based Access Control (RBAC) -- roles restrict which domains an SELinux user may enter
    3. Multi-Level Security (MLS), and its simplified form Multi-Category Security (MCS) -- the optional level field of the context
    • The "targeted" policy (the default on RHEL and Fedora) confines selected daemons and leaves ordinary user sessions unconfined; the "strict" policy (now largely historical) confined everything; the "mls" policy adds MLS enforcement on top
  • SELinux is not:

    • A replacement for passwords, firewalls, or other security systems
    • Antivirus software
    • An all-in-one security solution
  • SELinux is all about labelling.

  • Everything in SELinux revolves around the security context.

  • In SELinux parlance, processes are called subjects, and files, directories, sockets, FIFOs, etc. are called objects.

  • Every subject (process) and object (file, directory, socket, etc.) has a security context associated with it.

  • This context has different names depending on what it is attached to. It is called a file context if it is attached to a file; if it is attached to a process, its type is called a domain.
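To make the default-deny rule concrete, here is a small added example (not from these notes and not real SELinux code) that models how a Type Enforcement lookup works. The allow rules in RULES are written in genuine policy syntax but are constructed for this example and are not the contents of any shipped policy; on a real host the decision is made by the kernel from the compiled policy, and you would query it with sesearch instead. The point it demonstrates is that the lookup keys on the type field of each context, that there is nothing to find for a denial, and that a granted permission set is exact (append on a log file does not imply read).

```shell
#!/bin/sh
# Toy Type Enforcement evaluator (added example, not the kernel's logic).
# RULES is constructed for this example, in real policy syntax.
RULES='allow httpd_t httpd_config_t:file { getattr open read };
allow httpd_t httpd_sys_content_t:file { getattr open read };
allow httpd_t httpd_log_t:file { append create getattr open };
allow sshd_t sshd_key_t:file { getattr open read };'

# te_allowed SOURCE_TYPE TARGET_TYPE CLASS PERM
# Exit 0 only if some allow rule grants PERM on CLASS from SOURCE to TARGET,
# otherwise exit 1. There is no deny rule to search for: no match is the denial.
te_allowed() {
    src=$1 tgt=$2 cls=$3 perm=$4
    printf '%s\n' "$RULES" | awk -v s="$src" -v t="$tgt" -v c="$cls" -v p="$perm" '
        $1 == "allow" {
            split($3, tc, ":")                   # "target:class" -> tc[1], tc[2]
            if ($2 != s || tc[1] != t || tc[2] != c) next
            for (i = 4; i <= NF; i++) {          # permissions sit between the braces
                tok = $i
                gsub(/[{};]/, "", tok)
                if (tok == p) { found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }'
}

# check_access SUBJECT_CONTEXT OBJECT_CONTEXT CLASS PERM -> prints allowed|denied
# Only the third (type) field of each context takes part; the Linux uid that
# started the process is irrelevant to the TE decision.
check_access() {
    s=$(printf '%s\n' "$1" | cut -d: -f3)
    o=$(printf '%s\n' "$2" | cut -d: -f3)
    if te_allowed "$s" "$o" "$3" "$4"; then echo allowed; else echo denied; fi
}

check_access 'system_u:system_r:httpd_t:s0' 'system_u:object_r:httpd_sys_content_t:s0' file read  # allowed
check_access 'system_u:system_r:httpd_t:s0' 'system_u:object_r:sshd_key_t:s0' file read           # denied: no rule
check_access 'system_u:system_r:httpd_t:s0' 'system_u:object_r:httpd_log_t:s0' file read          # denied: only append/create/getattr/open granted
```

The third call is the one worth remembering: httpd_t may append to its log but has no allow rule for read on httpd_log_t, so reading is denied even though the same Linux user owns both files under DAC.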

Security Context
  • 3 or 4 components separated by ":"; the fourth (level) is present when the policy is built with MLS/MCS support, which the default targeted policy is

  • Most discussions of a security context start at the left and work towards the right.

  • The fields in the security context are:

    • user:role:type:level
  • e.g. system_u:object_r:net_conf_t:s0

    • user -> the SELinux user (e.g. system_u, unconfined_u); Linux users are mapped to an SELinux user, but the two are not the same thing
    • role -> objects (files, sockets) always carry object_r; processes carry a role such as system_r or unconfined_r
    • type -> the domain of a process or the label of a file; this is the field Type Enforcement rules are written against and the one that decides almost every access
    • level -> sensitivity s0 to s15, optionally with categories c0 to c1023 (MCS); a range such as s0-s0:c0.c1023 contains its own colon. In the targeted policy most processes and files sit at s0; categories are used by MCS-aware tools (sandbox, sVirt/libvirt, container runtimes) to isolate instances of the same domain from each other
  • -Z

    • Add the -Z option to the usual commands to see security contexts
    • ls -Z -> file contexts
    • ps -efZ -> process contexts (domains)
    • id -Z -> the context of your own shell
  • One of the powerful features of SELinux is that applications do not need to be aware of SELinux; labelling and the access decisions happen in the kernel
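An added example (not from these notes) of working with the contexts that ls -Z, ps -eZ and id -Z print: split a context into its fields without truncating an MLS/MCS range, and scan process listings for services that are running unconfined. SAMPLE_PS is constructed for illustration; on a real host pipe the output of ps -eZ into the functions instead. The choice of unconfined_service_t and initrc_t as the "service not confined" domains is an assumption made for this example.

```shell
#!/bin/sh
# Added example: parse SELinux security contexts and scan ps -eZ output.

ctx_user() { printf '%s\n' "$1" | cut -d: -f1; }
ctx_role() { printf '%s\n' "$1" | cut -d: -f2; }
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# The level is everything after the third colon. An MLS/MCS range such as
# s0-s0:c0.c1023 contains its own colon, so a plain `cut -d: -f4` would
# silently drop the categories; -f4- keeps the remainder intact.
ctx_level() {
    case "$1" in
        *:*:*:*) printf '%s\n' "$1" | cut -d: -f4- ;;
        *)       printf '\n' ;;    # three-field context: no level
    esac
}

# Constructed sample of `ps -eZ` output (columns: LABEL PID TTY TIME CMD).
SAMPLE_PS='LABEL                                                 PID TTY      TIME CMD
system_u:system_r:init_t:s0                              1 ?    00:00:02 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023                812 ?    00:00:00 sshd
system_u:system_r:unconfined_service_t:s0              901 ?    00:00:00 myapp
system_u:system_r:httpd_t:s0                          1033 ?    00:00:01 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2210 pts/0 00:00:00 bash'

# unconfined_services: reads ps -eZ output on stdin and prints "PID CMD" for
# each process whose domain the targeted policy leaves unconfined. Domain list
# is an assumption for this example: unconfined_service_t is what a systemd
# service gets when no policy module covers it, initrc_t the older equivalent
# for init-script daemons. Interactive shells (unconfined_t) are expected to be
# unconfined and are not reported.
unconfined_services() {
    awk 'NR > 1 {
        split($1, f, ":")
        if (f[3] == "unconfined_service_t" || f[3] == "initrc_t")
            print $2, $NF
    }'
}

# domain_counts: reads ps -eZ output on stdin and prints "COUNT DOMAIN" per
# domain, a quick inventory of which domains are actually running.
domain_counts() {
    awk 'NR > 1 { split($1, f, ":"); n[f[3]]++ }
         END { for (d in n) print n[d], d }' | sort -rn
}

printf '%s\n' "$SAMPLE_PS" | unconfined_services   # 901 myapp
printf '%s\n' "$SAMPLE_PS" | domain_counts
```

A service showing up in unconfined_services is running with none of the protection SELinux is supposed to add; the fix is a policy module for it, not a relabel.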



