JennisShrestha_TermPaper_SE Linux

JENNIS SHRESTHA
CSC 345
TERM PAPER
April 24, 2014
SECURITY ENHANCED LINUX
INTRODUCTION
In the world today, new technologies are being developed every day. Be it a simple electronic
device or a huge rocket, they are all controlled by software. Among the many operating systems
found in the market, Linux is considered one of the finest, most efficient and most reliable. It is
a Unix-like and POSIX-compliant computer operating system. Since it is developed and
distributed as free and open source software, the use of Linux has been rocketing, as it can be
made to fit any system with a small change of variant depending on the system. As of June 2013,
95% of the world's supercomputers are operated by Linux. However, the growing use of Linux in
high-profile projects such as national security, banks and hospitals has invited numerous threats
such as hacking. To stop malicious hacking attempts and to protect these systems, the United
States National Security Agency (NSA) has been continually working to develop security for
operating systems. The birth of Security Enhanced Linux was made possible by extensive
effort from the NSA's National Information Assurance Research Laboratory.
According to the NSA Security Enhanced Team, "NSA Security-enhanced Linux is a set of
patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access
control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced
mechanism to enforce the separation of information based on confidentiality and integrity
requirements, which allows threats of tampering and bypassing of application security
mechanisms to be addressed and enables the confinement of damage that can be caused by
malicious or flawed applications. It includes a set of sample security policy configuration files
designed to meet common, general-purpose security goals."
FLASK
Security Enhanced Linux implements the Flux Advanced Security Kernel (FLASK). FLASK
is a security architecture design for operating systems that is flexible, powerful and secure,
and that provides numerous utilities designed to bring Mandatory Access Control into use in
Linux. The project was first developed for the Mach microkernel in a collaboration between the
National Security Agency, the University of Utah, and the Secure Computing Corporation. It
provided a secure platform and framework for operating systems. Since Linux was getting
popular, the project was shifted towards Linux. OpenSolaris FMAC, TrustedBSD, and NSA's
SE Linux are some examples of FLASK systems.
Mechanism of FLASK in SE Linux
The FLASK architecture provides flexibility and coordinates subsystems so that they work
consistently to make and enforce security decisions, and it defines the components required to
complete that task within each subsystem. The decisions are also monitored over time, as they
may need to be changed. Moreover, it provides support for application transparency,
defense-in-depth, ease of assurance, and minimal performance impact.
As shown in Figure 1 below, FLASK has object managers retrieve access, labeling and
polyinstantiation decisions from a security server. An access decision specifies whether a
permission is granted between two entities, typically a subject and an object.
Figure 1: FLASK Architecture
Labeling decisions specify the security attributes to be assigned to an object. Polyinstantiation
decisions specify which member of a polyinstantiated set should be used for a particular request.
The Access Vector Cache helps object managers reduce the performance overhead. Lastly, object
managers can also register to receive notifications of changes in the security policy.
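The interaction described above, modelled in Python as an added example (not code from the paper or from SELinux): an object manager asks an Access Vector Cache, which queries the security server only on a miss and is flushed when the server announces a policy change. All class names, type labels and rules are constructed for the illustration.

```python
# Toy model of the Flask components (added illustration, not SELinux kernel code).
# Class names, type labels and rules are constructed for this example.

class SecurityServer:
    """Holds the policy and computes decisions; it enforces nothing itself."""
    def __init__(self, rules):
        self.rules = dict(rules)   # (source type, target type, class) -> perms
        self.listeners = []        # callbacks registered for policy changes
        self.queries = 0           # how often the server was actually consulted

    def compute_av(self, stype, ttype, tclass):
        self.queries += 1
        return frozenset(self.rules.get((stype, ttype, tclass), ()))

    def load_policy(self, rules):
        self.rules = dict(rules)
        for notify in self.listeners:   # tell registered caches to revoke
            notify()

class AccessVectorCache:
    """Caches decisions so the object manager rarely has to ask the server."""
    def __init__(self, server):
        self.server, self.cache = server, {}
        server.listeners.append(self.cache.clear)   # register for notifications

    def has_perm(self, stype, ttype, tclass, perm):
        key = (stype, ttype, tclass)
        if key not in self.cache:                    # miss: ask the security server
            self.cache[key] = self.server.compute_av(*key)
        return perm in self.cache[key]               # anything not granted is denied

class FileObjectManager:
    """Enforcement point: binds labels to files and checks every access."""
    def __init__(self, avc, labels):
        self.avc, self.labels = avc, dict(labels)

    def read(self, subject_type, path):
        return self.avc.has_perm(subject_type, self.labels[path], "file", "read")

def demo():
    policy = {("httpd_t", "httpd_sys_content_t", "file"): {"read", "getattr"}}
    labels = {"/var/www/index.html": "httpd_sys_content_t", "/etc/shadow": "shadow_t"}
    server = SecurityServer(policy)
    om = FileObjectManager(AccessVectorCache(server), labels)
    first = [om.read("httpd_t", "/var/www/index.html") for _ in range(3)]
    denied = om.read("httpd_t", "/etc/shadow")   # no rule for this pair: denied
    server.load_policy({})                       # policy change flushes the cache
    after = om.read("httpd_t", "/var/www/index.html")
    return first, denied, after, server.queries
```

Three identical reads cost one server query; the cached grant does not survive the policy reload.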
Mandatory Access Control Policies
Many versions of Linux that are integrated with FLASK enforce Mandatory Access Control
(MAC). Systems integrated with Mandatory Access Control allow administrators to control
and define users' access and usage policies. Once the policies are enforced by the
administrator, a user cannot modify or change the permissions and control structures that have
been implemented. MAC also gives administrators the authority to limit resources for a
particular user. For example, an administrator can set permissions such as read, write and access
on a file, including which users can use it and which users cannot. These are not the only
attributes that can be changed to apply security; MAC can also be used to protect the network,
block users from accessing anything, or even block ports and sockets. On top of these, MAC also
provides functions to choose specific configuration settings to increase performance and reduce
overhead. These settings include selecting the priority policies and reducing support for
lower-priority policies.
Why Mandatory Access Control Over Discretionary Access Control in SE Linux?
Figure 2: MAC vs DAC
Figure 2 gives a complete picture. In Discretionary Access Control, the security policy
enforced by the administrator can easily be overridden through loopholes. Moreover, after
gaining access to the system, an intruder can change the entire system's policies, because
preference is given to ownership of the object and the identity of the subject. Many hacking
issues arose because there was no protection against broken software, and malware could not be
blocked due to its ownership rights. In a Mandatory Access Control system, by contrast,
different parts of a program have different policies, which cannot be changed when another
policy is breached. The administrator has full control over the system, and protection against
broken software and malware is implemented.
Implementation of security policies
The security policies implemented on the system to enforce the different kinds of mandatory
access control are as follows:
i. Type Enforcement
Mandatory Access Control is given priority over Discretionary Access Control. In the
type enforcement process, the subject (process) accessing objects (files, records) is given
access clearance first.
ii. Role Based Access Control
Role based security provides an approach for companies that have many employees,
where system access is restricted to authorized users. This type of access control can
have both MAC and DAC implementations.
iii. Multilevel Security
Multilevel Security is a more advanced security system than the other two. It provides
different security levels to different users based on their level of authorization to access
system resources. For example, a clerk has a lower limit of authorization than the manager.
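An added sketch (not from the paper or the SELinux project) of how the three policy models can be checked together against an SELinux-style user:role:type:level security context. The users, roles, types and rules are constructed, and the MLS check assumes a simplified "no read up, no write down" rule with a single sensitivity per context.

```python
# Added illustration of type enforcement, RBAC and MLS working together.
# The policy tables and contexts are constructed; real SELinux policy is far larger.
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: int          # simplified: one sensitivity s0..sN, no categories or ranges

def parse_context(text):
    """Parse 'user:role:type:sN' into a Context; malformed input raises ValueError."""
    user, role, type_, level = text.split(":")
    if not level.startswith("s") or not level[1:].isdigit():
        raise ValueError(f"bad sensitivity level in {text!r}")
    return Context(user, role, type_, int(level[1:]))

# RBAC: which roles a user may take, and which types (domains) a role may enter.
USER_ROLES = {"staff_u": {"clerk_r", "manager_r"}, "user_u": {"clerk_r"}}
ROLE_TYPES = {"clerk_r": {"clerk_t"}, "manager_r": {"manager_t"}}
# Type enforcement: (subject type, object type) -> permitted operations.
TE_ALLOW = {("clerk_t", "ledger_t"): {"read"},
            ("manager_t", "ledger_t"): {"read", "write"}}

def check(subject, obj, perm):
    """Return (allowed, reason). Every layer must agree; the default is deny."""
    s, o = parse_context(subject), parse_context(obj)
    if s.role not in USER_ROLES.get(s.user, ()):
        return False, "rbac: user not authorized for role"
    if s.type not in ROLE_TYPES.get(s.role, ()):
        return False, "rbac: role not authorized for type"
    if perm not in TE_ALLOW.get((s.type, o.type), ()):
        return False, "te: no allow rule"
    if perm == "read" and s.level < o.level:
        return False, "mls: read up"
    if perm == "write" and s.level > o.level:
        return False, "mls: write down"
    return True, "granted"
```

The reason string names the layer that refused the request, in the way a denial record has to be read back to the rule that caused it.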
Features
Security Enhanced Linux provides all the features provided by an ordinary Linux.
Moreover, it provides many distinct security features that an ordinary Linux does not.
They are:
i. Enforces clean separation of policy
ii. Interfaces are well defined
iii. Independent of specific policies and policy languages
iv. Independent of specific security label formats and contents
v. Kernel objects and services are provided with individual labels and controls
vi. Increased efficiency because of caching of access decisions
vii. Support for policy changes
viii. Initialization, inheritance and program execution can be controlled
ix. File systems, directories, files, and open file descriptions can be controlled
x. Sockets, messages and networking interfaces can also be controlled
Conclusion
Security Enhanced Linux is the most needed operating system in today's world. Security
and privacy have become real concerns due to the increasing amount of digitized material. It can
provide much needed security to systems that need to be confidential. Malicious efforts from
hackers would also be kept under control with wider use of Security Enhanced Linux. Moreover,
being open source allows the system to improve rapidly over a short period of time.
References:
Ray Spencer, Stephen Smalley, Peter Loscocco, Mike Hibler, David Andersen, and Jay Lepreau.
"The Flask Security Architecture: System Support for Diverse Security Policies." N.p., n.d. Web.
"Frequently Asked Questions." SELinux Frequently Asked Questions (FAQ). N.p., n.d. Web. 23
Apr. 2014. <http://www.nsa.gov/research/selinux/faqs.shtml#I2>.
"Security Enhanced Linux." Security-Enhanced Linux. N.p., n.d. Web. 23 Apr. 2014.
<http://www.nsa.gov/research/selinux/>.
"NB TE." - SELinux Wiki. N.p., n.d. Web. 23 Apr. 2014.
<http://selinuxproject.org/page/NB_TE>.
"16.3. Explanation of MAC." 16.3. Explanation of MAC. N.p., n.d. Web. 23 Apr. 2014.
<http://www5.us.freebsd.org/doc/handbook/mac-initial.html>.
"Mandatory Access Control." What Is ? N.p., n.d. Web. 23 Apr. 2014.
<http://www.webopedia.com/TERM/M/Mandatory_Access_Control.html>
"Security-Enhanced Linux." Wikipedia. Wikimedia Foundation, 23 Apr. 2014. Web. 23 Apr.
2014. <http://en.wikipedia.org/wiki/Security-Enhanced_Linux>.