1 / 16

SECURITY ENHANCED LINUX

SECURITY ENHANCED LINUX. JENNIS SHRESTHA CSC 345 April 22, 2014. Contents. Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features Distribution Conclusion. Introduction.

lynda
Télécharger la présentation

SECURITY ENHANCED LINUX

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SECURITY ENHANCED LINUX JENNIS SHRESTHA CSC 345 April 22, 2014

  2. Contents • Introduction • History • Flux Advanced Security Kernel • Mandatory Access Control Policies • MAC Vs DAC • Features • Distribution • Conclusion

  3. Introduction • Security-Enhanced Linux(SELinux) is a Linux kernel security module that provides the mechanism for supporting access control security policies including United States Department of Defense style mandatory access controls (MAC). • Implements Flux Advanced Security Kernel to bring MAC into use in Linux.

  4. History • Original primary Developer – The United States National Security Agency • First version released on Dec 22, 2000 • Significant Contributors – Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology and Trusted Computer Solutions

  5. Flux Advanced Security Kernel • Developed for Mach microkernel by NSA, the University of Utah and Secure Computing Corporation. • Operating system security architecture that provides flexible support for security policies. • Open Solaris FMAC, TrustedBSD, NSA's SE Linux.

  6. FLASK Mechanism • Provides flexibility and co-ordinate subsystems • Makes security decisions • Evaluates requirements to take decisions • Monitors decisions over time

  7. FLASK Mechanism • Architecture provides interface for retrieving access, labeling and polyinstantiation. • Access Vector Cache module allows object manger to cache access decisions to minimize overhead time. • Architecture provides object manager to register changes security policies.

  8. Mandatory Access Control Policies • Administrator can control and define users’ access to resources. • Users cannot modify or change the permissions and access rights. • Can be used to protect network, block ports and sockets.

  9. MAC Mehanism

  10. MAC Vs DAC

  11. MAC Vs DAC • In DAC, security policies enforced can be easily overridden • Depends on ownership of the object and subject identity. • Many hacking issues.

  12. Features • Enforces clean separation of policy • Independent of specific security label formats and contents • Increased efficiency because of caching of access decisions • Initialization, inheritance and program execution can be controlled • File systems, directories, files, and open file description can be controlled

  13. Distribution • Fedora Core 2 • Debi an • Gentoo • SuSe • SE-BSD • SE-MACH

  14. Conclusion • More secure operating system • Helps administrator to control over resource access • Open source allows system to improve rapidly. • Digitized materials are in safe hands.

  15. References • Ray Spencer, Stephen Smalley,, Peter Loscocco, Mike Hibler, David Andersen, and , Jay Lepreau. "The Flask Security Architecture: System Support for Diverse Security Policies." N.p., n.d. Web. • "Frequently Asked Questions." SELinux Frequently Asked Questions (FAQ). N.p., n.d. Web. 23 Apr. 2014. <http://www.nsa.gov/research/selinux/faqs.shtml#I2>. • "Security Enhanced Linux." Security-Enhanced Linux. N.p., n.d. Web. 23 Apr. 2014. <http://www.nsa.gov/research/selinux/>. • "NB TE." - SELinux Wiki. N.p., n.d. Web. 23 Apr. 2014. <http://selinuxproject.org/page/NB_TE>. • "16.3. Explanation of MAC." 16.3. Explanation of MAC. N.p., n.d. Web. 23 Apr. 2014. <http://www5.us.freebsd.org/doc/handbook/mac-initial.html>. • "Mandatory Access Control." What Is ? N.p., n.d. Web. 23 Apr. 2014. <http://www.webopedia.com/TERM/M/Mandatory_Access_Control.html> • "Security-Enhanced Linux." Wikipedia. Wikimedia Foundation, 23 Apr. 2014. Web. 23 Apr. 2014. <http://en.wikipedia.org/wiki/Security-Enhanced_Linux>.

More Related