![]() The security administrator can pick and choose which modules to use. RSBAC is a kernel patch and set of administration tools that adds a number of security modules to the kernel. This feature of SELinux is still considered experimental it will be some time before it is in widespread use. For example, if data classified as “secret” is mixed with data that is classifed as “top secret,” the resulting data needs to classified as top secret. MLS allows for classified information to be shared at different security clearance levels - a requirement for government systems that contain classified data. A user could be assigned the role of Mail Administrator, for instance, and then be able to manage all aspects of the mail server without needing root access to the system. With RBAC the security administrator can grant users some of the power of the root account without granting them total control over the system. RBAC allows users to be assigned a set of roles that allow or restrict actions. TE allows for fine-grained permissions to be set on files and processes. ![]() The security administrator then defines policies that indicate what access is allowed between pairs of types. With TE, every object on the system is assigned a type. SELinux implements MAC through the use of Type Enforcement (TE), Role Based Access Controls (RBAC), and Multi-Level Security (MLS). It has since been ported to a module that hooks into the Linux Security Module framework and is now included in 2.6 kernels. SELinux was originally a kernel patch developed by the NSA to add MAC to the Linux kernel. ![]() Now let’s take a brief look at some of the projects that add MAC to Linux. By one day gaining Orange Book B1-level certification, Linux can be more widely used in government. These criteria are laid out in the DOD publication “Trusted Computer System Evaluation Criteria,” otherwise known as the Orange Book (due to the color of its cover). With MAC, file and process protection is independent of owners.Īll of the above are requirements to meet the Department of Defense criteria for “trusted” operating systems. Once these policies are in place, users cannot override them, even if they have root privileges. Security policies can be set by the system owner and implemented by a system or security administrator. MAC makes the enforcement of security policies mandatory instead of discretionary, as you might imagine from the name Mandatory Access Control. If the root account, or a process that runs with its privileges, is compromised, an attacker can take control of the system and its data.Ī more secure approach would limit or even eliminate the need for a root account, and shift the power from the user accounts to the owner of the system. This super-user has the power to control all files and processes. However, the biggest concern with the Linux model is the danger presented by the root account. The owner of the system does not have total control over the system the users do. In this model, users control the data at their discretion. If a user owns a file, he is allowed to set the read, write, and execute permissions for that file. The security model used by most mainstream operating systems is based on Discretionary Access Control (DAC), which enforces security by ownership. All of these projects are open-source and licensed under the GPL. The Rule Set Based Access Control (RSBAC) project, the Linux Intrusion Detection System (LIDS), and grsecurity are other popular projects with the same goal. The most well-known of these projects is Security Enhanced Linux (SELinux), which was developed by the U.S. Fortunately, there are a few projects aiming to solve this problem by providing a more robust security model for Linux by adding Mandatory Access Control (MAC) to the kernel. Some in the security industry say that Linux is inherently insecure, that the way Linux enforces security decsions is fundamentally flawed, and the only way to change this is to redesign the kernel.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |