Abstract image of a woman sitting on books and studying on a laptop

Directions in SELinux Networking

J
James Morris

The document discusses directions for improving SELinux networking capabilities. It outlines ideas such as using Netfilter/iptables for IP packet controls instead of the current implementation, leveraging IPsec to label security associations rather than individual packets, extending SELinux policy to the distributed environment, and developing mechanisms for distributing and synchronizing policy across security realms. Long term trends toward high assurance distributed computing are also noted.

TechnologyNews & Politics
1 of 15
Downloaded 23 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Directions in SELinux Networking Linux Kernel Networking Summit Montréal, Canada July 2005 James Morris <jmorris@redhat.com>
SELinux ● SELinux provides fine­grained, flexible MAC. ● Subjects and objects are labeled with security  contexts, policy determines interactions. ● Type Enforcement (TE) model provides an  expressive abstraction of security classes and  their interactions.
Current Status ● SELinux provides broad coverage across the  kernel (140 hooks). ● All socketcalls are mediated, provides high level  control over local networking. ● Protocol specific controls for Netlink, Unix, some  IP (name_bind, name_connect, rudimentary  packet filter).
Networking Directions ● Performance of IP network controls needs to be  improved. ● Hit by per­packet lookups for security context of  port and IP addresses. ● IBM did some work on an RCU cache, needs  further investigation. ● May be replacing IP packet hooks anyway.
Netfilter/iptables ● Possibly replace existing IP packet controls with  Netfilter/iptables integration (selipt). ● More flexible & expressive, makes use of  conntrack, matches, targets etc. ● Need receiving socket: current code uses  ipt_owner patch. ● Better to use socket hook work from Patrick  McHardy.
Distributed MAC ● MAC is currently limited to the local machine. ● Historically used with Multi­Level Security  (MLS). ● Typically, each packet is labeled via IP options  (CIPSO, FIPS­188). ● Selopt implemented, dropped for upstream  merge.
Leveraging IPsec ● Trent Jaeger's implicit labeling work (IBM). ● Label SAs instead of packets. ● Draws on previous Flask work. ● Not MLS or even SELinux specific. ● Utilizes IPsec services: confidentiality;  authentication; negotiation; automation.
Leveraging IPsec II ● Hooks into xfrm subsystem. ● IPsec policies are labeled: only authorized  policies may be used, controlled via SELinux. ● SA labels must match (existing SA or triggered  negotiation with IKE). ● Matching packets considered labeled. ● Policy for unlabeled packets (e.g. ISAKMP).
Leveraging IPsec III ● Useful for MLS networking, suitable for LSPP  (B1) and beyond. ● Not compatible with IP options schemes. ● More generally useful for extending SELinux  across the network. ● Control communication between processes on  different systems.
Networked Filesystems ● NSA developed support for NFSv3. ● Future is NFSv4 with named attributes. ● SMB desired by some parties. ● Cluster Filesystems (some OCFS2 work).
Remote Attestation ● Use of TPM and associated hardware to  cryptographically verify system from boot. ● IBM Integrity Measurement Architecture (IMA). ● Requires protocol which queries TPM with  nonce; TPM signs measurement list and nonce. ● SELinux policy could be used to require that the  remote system is attested before some other  communication.
Cryptographic Policy ● SELinux policy could be extended to express  more general cryptographic policy. ● e.g. foo_t file must be stored with X encryption,  and only transmitted by local admin_t to remote  admin_t on trusted hosts with Y encryption and Z  authentication on the wire. ● May also require use of specific crypto device or  software.
Distributed Policy ● Mechanism for distributing and synchronizing  policy within a security realm may be useful  when using distributed MAC.
Longer Term ● General trend toward increasingly high assurance  distributed computing. ● Inter­realm communication.  Establishing trust  between different “domains of interpretation” is  very difficult. ● SE aware firewalling, complicated by Ipsec.
Resources ● SELinux Enhanced IPTables http://people.redhat.com/jmorris/selinux/selipt/ ● “Architecture of SELinux Network Access Controls” http://www.selinux­symposium.org/2005/presentations/session2/2­2­morris.pdf ● “Leveraging IPSec for network access control for SELinux” http://www.selinux­symposium.org/2005/presentations/session2/2­3­jaeger.pdf ● Full IBM research report on the above (and more generalized). Not yet published ● Ajaya Chitturi's Flask Thesis http://www.cs.utah.edu/flux/papers/ajay­thesis­abs.html

More Related Content

PDF
How Many Linux Security Layers Are Enough?
Michael Boelen
 
PDF
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
James Morris
 
PDF
Adding Extended Attribute Support to NFS
James Morris
 
PDF
Linux Kernel Security Overview - KCA 2009
James Morris
 
PDF
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
James Morris
 
PDF
Secure and Simple Sandboxing in SELinux
James Morris
 
PDF
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas
 
PDF
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
James Morris
 
How Many Linux Security Layers Are Enough?
Michael Boelen
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
James Morris
 
Adding Extended Attribute Support to NFS
James Morris
 
Linux Kernel Security Overview - KCA 2009
James Morris
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
James Morris
 
Secure and Simple Sandboxing in SELinux
James Morris
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
James Morris
 

What's hot (20)

PPTX
Linux Security Overview
Kernel TLV
 
PPT
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
PDF
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells
 
PPT
Linux Security
nayakslideshare
 
PPT
Security and Linux Security
Rizky Ariestiyansyah
 
PPTX
Linux security
trilokchandra prakash
 
PPT
Basic Linux Security
pankaj009
 
PPT
Linux Operating System Vulnerabilities
Information Technology
 
PDF
Security of Linux containers in the cloud
Dobrica Pavlinušić
 
PDF
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
The Linux Foundation
 
PPTX
File System Implementation & Linux Security
Geo Marian
 
PDF
Futex Scaling for Multi-core Systems
Davidlohr Bueso
 
ODP
Introduction To Linux Security
Michael Boman
 
ODP
Security, Hack1ng and Hardening on Linux - an Overview
Kaiwan Billimoria
 
ODP
Linux Network Security
Amr Ali
 
PDF
SELinux basics
Lubomir Rintel
 
PDF
Linux Security, from Concept to Tooling
Michael Boelen
 
PPT
Introduction To SELinux
Rene Cunningham
 
PPT
Unix Security
replay21
 
ODP
SELinux Basic Usage
Dmytro Minochkin
 
Linux Security Overview
Kernel TLV
 
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells
 
Linux Security
nayakslideshare
 
Security and Linux Security
Rizky Ariestiyansyah
 
Linux security
trilokchandra prakash
 
Basic Linux Security
pankaj009
 
Linux Operating System Vulnerabilities
Information Technology
 
Security of Linux containers in the cloud
Dobrica Pavlinušić
 
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
The Linux Foundation
 
File System Implementation & Linux Security
Geo Marian
 
Futex Scaling for Multi-core Systems
Davidlohr Bueso
 
Introduction To Linux Security
Michael Boman
 
Security, Hack1ng and Hardening on Linux - an Overview
Kaiwan Billimoria
 
Linux Network Security
Amr Ali
 
SELinux basics
Lubomir Rintel
 
Linux Security, from Concept to Tooling
Michael Boelen
 
Introduction To SELinux
Rene Cunningham
 
Unix Security
replay21
 
SELinux Basic Usage
Dmytro Minochkin
 
Ad

Similar to Directions in SELinux Networking (20)

PDF
The State of Security Enhanced Linux - FOSS.IN/2007
James Morris
 
PDF
2008-03-06 Harris Corp Security Seminar
Shawn Wells
 
PDF
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
James Morris
 
PDF
SELinux Project Overview - Linux Foundation Japan Symposium 2008
James Morris
 
PDF
Se linux course1
OWASP (Open Web Application Security Project)
 
PDF
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
Shawn Wells
 
PPT
Operating System Fingerprinting Prevention
dcalhoun1984
 
PDF
SELinux Johannesburg Linux User Group (JoziJUg)
Jumping Bean
 
PDF
Remote security with Red Hat Enterprise Linux
Giuseppe Paterno'
 
PDF
Flask: Flux Advanced Security Kernel
Luis Espinal
 
PDF
Infrastructure Security
UTD Computer Security Group
 
PDF
2008-01-22 Red Hat (Security) Roadmap Presentation
Shawn Wells
 
PPTX
Linux 开源操作系统发展新趋势
Anthony Wong
 
PDF
Your First Guide to "secure Linux"
Toshiharu Harada, Ph.D
 
PPT
Chapter 11
cclay3
 
PDF
DOST: Ceph in a security critical OpenStack cloud
Danny Al-Gaaf
 
PPT
Firewall
ਇਹ ਵੀ ਕੋਈ ਕੰਮ ਕਰਨ ਦੀ ਉਮਰ ਆ ਕਾਕਾ ਤਾ ਅਜੇ ਪੜਦਾ ਆ
 
PDF
unit 2 confinement techniques.pdf
RohitGautam261127
 
PDF
SELinux Kernel Internals and Architecture - FOSS.IN/2005
James Morris
 
PDF
Dssh @ Confidence, Prague 2010
Juraj Bednar
 
The State of Security Enhanced Linux - FOSS.IN/2007
James Morris
 
2008-03-06 Harris Corp Security Seminar
Shawn Wells
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
James Morris
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
James Morris
 
Se linux course1
OWASP (Open Web Application Security Project)
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
Shawn Wells
 
Operating System Fingerprinting Prevention
dcalhoun1984
 
SELinux Johannesburg Linux User Group (JoziJUg)
Jumping Bean
 
Remote security with Red Hat Enterprise Linux
Giuseppe Paterno'
 
Flask: Flux Advanced Security Kernel
Luis Espinal
 
Infrastructure Security
UTD Computer Security Group
 
2008-01-22 Red Hat (Security) Roadmap Presentation
Shawn Wells
 
Linux 开源操作系统发展新趋势
Anthony Wong
 
Your First Guide to "secure Linux"
Toshiharu Harada, Ph.D
 
Chapter 11
cclay3
 
DOST: Ceph in a security critical OpenStack cloud
Danny Al-Gaaf
 
Firewall
ਇਹ ਵੀ ਕੋਈ ਕੰਮ ਕਰਨ ਦੀ ਉਮਰ ਆ ਕਾਕਾ ਤਾ ਅਜੇ ਪੜਦਾ ਆ
 
unit 2 confinement techniques.pdf
RohitGautam261127
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
James Morris
 
Dssh @ Confidence, Prague 2010
Juraj Bednar
 
Ad

More from James Morris (7)

PDF
sVirt: Hardening Linux Virtualization with Mandatory Access Control
James Morris
 
PDF
OLPC Networking Overview
James Morris
 
PDF
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
James Morris
 
PDF
Kernel Security for 2.8 - Kernel Summit 2004
James Morris
 
PDF
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
James Morris
 
PDF
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
James Morris
 
PDF
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
James Morris
 
sVirt: Hardening Linux Virtualization with Mandatory Access Control
James Morris
 
OLPC Networking Overview
James Morris
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
James Morris
 
Kernel Security for 2.8 - Kernel Summit 2004
James Morris
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
James Morris
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
James Morris
 
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
James Morris
 

Recently uploaded (20)

PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Unlock new opportunities with location data.pdf
Precisely
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Five Habits of High-Impact Board Members
OnBoard
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
What is a Computer? Input Devices /output devices
GulJan8
 
Modernising the Digital Integration Hub
Daniel Toomey
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 

Directions in SELinux Networking

  • 1. Directions in SELinux Networking Linux Kernel Networking Summit Montréal, Canada July 2005 James Morris <jmorris@redhat.com>
  • 2. SELinux ● SELinux provides fine­grained, flexible MAC. ● Subjects and objects are labeled with security  contexts, policy determines interactions. ● Type Enforcement (TE) model provides an  expressive abstraction of security classes and  their interactions.
  • 3. Current Status ● SELinux provides broad coverage across the  kernel (140 hooks). ● All socketcalls are mediated, provides high level  control over local networking. ● Protocol specific controls for Netlink, Unix, some  IP (name_bind, name_connect, rudimentary  packet filter).
  • 4. Networking Directions ● Performance of IP network controls needs to be  improved. ● Hit by per­packet lookups for security context of  port and IP addresses. ● IBM did some work on an RCU cache, needs  further investigation. ● May be replacing IP packet hooks anyway.
  • 5. Netfilter/iptables ● Possibly replace existing IP packet controls with  Netfilter/iptables integration (selipt). ● More flexible & expressive, makes use of  conntrack, matches, targets etc. ● Need receiving socket: current code uses  ipt_owner patch. ● Better to use socket hook work from Patrick  McHardy.
  • 6. Distributed MAC ● MAC is currently limited to the local machine. ● Historically used with Multi­Level Security  (MLS). ● Typically, each packet is labeled via IP options  (CIPSO, FIPS­188). ● Selopt implemented, dropped for upstream  merge.
  • 7. Leveraging IPsec ● Trent Jaeger's implicit labeling work (IBM). ● Label SAs instead of packets. ● Draws on previous Flask work. ● Not MLS or even SELinux specific. ● Utilizes IPsec services: confidentiality;  authentication; negotiation; automation.
  • 8. Leveraging IPsec II ● Hooks into xfrm subsystem. ● IPsec policies are labeled: only authorized  policies may be used, controlled via SELinux. ● SA labels must match (existing SA or triggered  negotiation with IKE). ● Matching packets considered labeled. ● Policy for unlabeled packets (e.g. ISAKMP).
  • 9. Leveraging IPsec III ● Useful for MLS networking, suitable for LSPP  (B1) and beyond. ● Not compatible with IP options schemes. ● More generally useful for extending SELinux  across the network. ● Control communication between processes on  different systems.
  • 10. Networked Filesystems ● NSA developed support for NFSv3. ● Future is NFSv4 with named attributes. ● SMB desired by some parties. ● Cluster Filesystems (some OCFS2 work).
  • 11. Remote Attestation ● Use of TPM and associated hardware to  cryptographically verify system from boot. ● IBM Integrity Measurement Architecture (IMA). ● Requires protocol which queries TPM with  nonce; TPM signs measurement list and nonce. ● SELinux policy could be used to require that the  remote system is attested before some other  communication.
  • 12. Cryptographic Policy ● SELinux policy could be extended to express  more general cryptographic policy. ● e.g. foo_t file must be stored with X encryption,  and only transmitted by local admin_t to remote  admin_t on trusted hosts with Y encryption and Z  authentication on the wire. ● May also require use of specific crypto device or  software.
  • 13. Distributed Policy ● Mechanism for distributing and synchronizing  policy within a security realm may be useful  when using distributed MAC.
  • 14. Longer Term ● General trend toward increasingly high assurance  distributed computing. ● Inter­realm communication.  Establishing trust  between different “domains of interpretation” is  very difficult. ● SE aware firewalling, complicated by Ipsec.
  • 15. Resources ● SELinux Enhanced IPTables http://people.redhat.com/jmorris/selinux/selipt/ ● “Architecture of SELinux Network Access Controls” http://www.selinux­symposium.org/2005/presentations/session2/2­2­morris.pdf ● “Leveraging IPSec for network access control for SELinux” http://www.selinux­symposium.org/2005/presentations/session2/2­3­jaeger.pdf ● Full IBM research report on the above (and more generalized). Not yet published ● Ajaya Chitturi's Flask Thesis http://www.cs.utah.edu/flux/papers/ajay­thesis­abs.html