Resource description
Security-Enhanced Linux
Eric Harney, CPSC 481

What is SELinux?
- Developed by the NSA; released in 2000
- Adds additional security capabilities to Linux
- Maintains compatibility with existing software
- "Designed to enforce separation of information based on confidentiality and integrity requirements."
- Open source (GPL)

Mandatory Access Control
- Exists on top of traditional Unix DAC
- The administrator defines a policy; the kernel enforces this policy
- Doesn't trust the application; doesn't trust the user

Role-Based Access Control
- Users are assigned to one or more roles
- Roles indicate which type domains a user may access
- Similar to the traditional Unix uid: used to separate privileges
- Each daemon may have its own role
- Example roles include system_r, sysadm_r, user_r
- Role transitions must be defined

Type Enforcement
- Types are assigned to files and designate categories of files: web server, database server, mail server, regular users
- Types are stored in the file system
- Types are assigned to processes as domains; domains are closely related to types

Principle of Least Privilege
- Reduces the power of the root account: a process running as root is still restricted
- Services cannot access each other's data
- Compromising one service only allows access to, or damage of, its own data

Policies
- A policy is a set of rules which specifies allowable behavior
- Strict versus targeted: enumerating good versus bad behavior
- No "default permit"
- Defines types for file objects, domains for processes, roles, and user identities
- Highly configurable with booleans

Example Policy Statements
- Type enforcement:
    allow sshd_t sshd_exec_t:file { read execute entrypoint };
    allow sshd_t sshd_tmp_t:file { create read write getattr setattr link unlink rename };
    allow sshd_t user_t:process transition;
- Role definitions:
    role system_r types kernel_t initrc_t getty_t klogd_t;
    role user_r types user_t user_netscape_t;
    role sysadm_r types sysadm_t run_init_t;

Benefits of SELinux
- Helps prevent damage from unknown or unpatched exploits
- Provides fine-grained access control to all parts of the system
- Allows a customized level of security

Example Attack
- Apache web server running as root in the httpd_t domain
- A malicious user causes a buffer overflow in Apache and executes arbitrary code
- The user directs Apache to fetch /etc/shadow and serve it to the web client
- The file read passes DAC, but /etc/shadow is assigned type shadow_t
- Apache's httpd_t domain has no access to shadow_t: access denied

Possible Attacks
- Kernel protection is not substantially increased: a buffer overflow in kernel space could still be disastrous
- An attacker compromising your login credentials still means game over
- SELinux policies are complex; an incorrectly written policy also means game over

Availability
- Included in the standard mainline Linux kernel
- Only well supported by some distributions: Red Hat Enterprise Linux, Fedora, Gentoo (Hardened Gentoo)
- Will be evaluated for Common Criteria compliance in the future
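An added model of the type-enforcement and role checks the slides describe, not code from the slides: it parses the slides' own allow and role statements (with the braces real policy syntax puts around permission lists) and replays the Apache/shadow_t example. It assumes httpd_t as Apache's domain and adds one constructed httpd_t rule so that the domain has something it is allowed to read.

```python
import re

# Policy text: the slides' statements plus one constructed httpd_t rule (assumed,
# standing in for Apache's real policy). Nothing grants httpd_t access to shadow_t.
POLICY = """
allow sshd_t sshd_exec_t:file { read execute entrypoint };
allow sshd_t sshd_tmp_t:file { create read write getattr setattr link unlink rename };
allow sshd_t user_t:process transition;
allow httpd_t httpd_sys_content_t:file { read getattr };
role system_r types kernel_t initrc_t getty_t klogd_t;
role user_r types user_t user_netscape_t;
role sysadm_r types sysadm_t run_init_t;
"""

ALLOW_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+\{?\s*([^};]+?)\s*\}?\s*;")
ROLE_RE = re.compile(r"role\s+(\S+)\s+types\s+([^;]+);")


def parse_policy(text):
    """Return (allows, roles): allows maps (source domain, target type, class)
    to the set of granted permissions; roles maps a role to its allowed domains."""
    allows, roles = {}, {}
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        allows.setdefault((src, tgt, cls), set()).update(perms.split())
    for role, types in ROLE_RE.findall(text):
        roles.setdefault(role, set()).update(types.split())
    return allows, roles


def te_allowed(allows, domain, target_type, cls, perm):
    """Type enforcement has no default permit: only an explicit allow rule grants."""
    return perm in allows.get((domain, target_type, cls), set())


def role_allows_domain(roles, role, domain):
    """A process may only run in a domain that its role lists."""
    return domain in roles.get(role, set())


def check_access(allows, dac_ok, domain, target_type, cls, perm):
    """Mirror the slides' example: DAC is consulted first, then SELinux TE.
    A root process that passes DAC is still bound by the TE rules."""
    if not dac_ok:
        return "denied by DAC"
    if not te_allowed(allows, domain, target_type, cls, perm):
        return "denied by SELinux: no allow rule for %s -> %s:%s %s" % (domain, target_type, cls, perm)
    return "allowed"
```

Running `check_access(allows, True, "httpd_t", "shadow_t", "file", "read")` after `allows, roles = parse_policy(POLICY)` reproduces the slides' outcome: DAC passes (root), type enforcement denies.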