2017-08-15

SELinux (Security Enhanced Linux) LSM Module

Table of Contents

  1. Background: LKM, and LSM; DAC and MAC
  2. SELinux is an implementation of MAC as an LSM for Linux
  3. AVC == Access Vector Cache of SELinux

0.1 SEL

  1. Disables root user privileges
  2. Several administrative roles with limited extra privileges
  3. Example: Changing passwords does not require the root access needed for setting up firewalls
  4. Multi-level security: Declassified, Secret, Top-Secret, etc.
    1. In MLS, only a trusted declassifier can lower the secrecy of a file
    2. Users with appropriate privilege can read classified files, but cannot output their contents to lower secrecy levels

1 SELinux Simplified View

  1. Recall MAC: Subjects (active entities, e.g., processes), verbs (e.g., read), objects (passive entities, e.g., files)

se-linux-simple-view.png

1.1 SELinux Example #1

  1. process #31337 wishes to read-open /etc/passwd: simplified view

dac-mac-flow1.png

1.2 SELinux Example #2 More Details of #1

  1. process #31337 wishes to read-open /etc/passwd: more details

dac-mac-flow2.png

1.3 SELinux Architecture

  1. SELinux has hooks located at strategic points within the kernel code

1-core.png

Figure 4: SELinux Architecture

2 SELinux on Ubuntu

  1. SELinux is the default on Red Hat. The Ubuntu distribution uses AppArmor instead, but you can apt-get install selinux
  2. Config files on Ubuntu:
    1. /etc/selinux/*, 60+ files
    2. /etc/selinux.d/ubuntu/* 50+ files

2.1 SELinux Modes

  1. In the /etc/selinux/config file, SELINUX= is set to enforcing, permissive, or disabled
  2. Enforcing: policy is loaded. Your machine is actively protected.
  3. Permissive: policy file is loaded, but SELinux is not enforcing it. Accesses will be logged but not prevented. This mode is intended for testing and debugging.
  4. Disabled: SELinux infrastructure is not enabled. No policy file loaded. Log files are not generated.

2.2 Context Labels

  1. A label is a string of four values: user-identity, role, type, sensitivity (the last can be missing) [separated by colons]
    1. Ex: /etc/shadow: system_u:object_r:shadow_t
    2. Ex: process: root:staff_r:staff_t
    3. 100+ types, such as device-type, process-type, file-system-type, network type, IPC type, …
  2. Labels encapsulate all security attributes of an object. Labels are interpreted by the SELinux Security Server in the kernel and by libselinux in user space.
  3. The rest of the kernel code and user space view labels as opaque data.
  4. New security attributes can be added to labels without having to recompile applications or redesign core SELinux code.
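
The label format above, as an added example (not part of the original slides): a parser that splits a label into its fields and a check that compares a file's type field against an expected type. The function names parse_context and mislabeled are hypothetical, the sample data is constructed, and the code assumes that the sensitivity field may itself contain colons (an MLS range with categories).

```python
from typing import NamedTuple, Optional

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: Optional[str]  # sensitivity field; None when the label omits it

def parse_context(label: str) -> Context:
    # The sensitivity field can itself contain colons (an MLS range such as
    # "s0-s0:c0.c1023"), so split on the first three colons only.
    parts = label.strip().split(":", 3)
    if len(parts) < 3 or not all(parts):
        raise ValueError(f"malformed context label: {label!r}")
    level = parts[3] if len(parts) == 4 else None
    return Context(parts[0], parts[1], parts[2], level)

def mislabeled(observed, expected_types):
    """Return (path, actual_type, expected_type) for each path whose type
    field differs from the expected one; paths with no expectation are skipped."""
    findings = []
    for path, label in observed:
        want = expected_types.get(path)
        if want is None:
            continue
        got = parse_context(label).type
        if got != want:
            findings.append((path, got, want))
    return findings

# Constructed sample data (not taken from a real system). The first label is
# the /etc/shadow example from the slide; the second is a made-up wrong label.
EXPECTED = {"/etc/shadow": "shadow_t"}
OBSERVED_OK = [("/etc/shadow", "system_u:object_r:shadow_t")]
OBSERVED_BAD = [("/etc/shadow", "system_u:object_r:etc_t:s0")]

if __name__ == "__main__":
    print(parse_context("root:staff_r:staff_t"))
    print(parse_context("system_u:object_r:shadow_t:s0-s0:c0.c1023"))
    print(mislabeled(OBSERVED_BAD, EXPECTED))
```

Splitting on every colon would misread a label whose last field is an MLS range, which is why the parser stops after the third separator.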

2.3 SELinux Architecture Diagrams

selinux architecture.png

Figure 5: SELinux Architecture Diagram

selinux-init.jpg

Figure 6: selinux-init

  1. selinux_init files

selinux-init-hooks.jpg

2.4 SELinux Policies

  1. Written in a SELinux-specific language.
  2. SELinux Policy IDE is an integrated development environment for SELinux developed by http://oss.tresys.com/

3 SELinux Critique

  1. Writing SELinux config files is complicated.
  2. Smack LSM was designed in response to the complexity of SELinux. Smack is now part of Tizen, a mobile OS. Not well-respected. See HackerNews.
  3. Is SELinux crap? http://forums.fedoraforum.org/showthread.php?t=288584 Comments by a frustrated Linux user.

4 References

  1. http://source.android.com/devices/tech/security/se-linux.html Validating Security-Enhanced Linux in Android. Required Reading.
  2. Richard Haines, The_SELinux_Notebook-4th_Edition.pdf, 400pp; Legit download? search the web for links; Pretty good.
  3. Stephen Smalley, "Security Enhanced (SE) Android: Bringing Flexible MAC to Android." ./SEAndroid-NDSS2013-pm-tab.pdf NDSS 2013 paper, with a few of my annotations. Slides: ./seandroid-Presentation02_4.pdf
  4. Red Hat, ./state-of-selinux-moore-2015.pdf Aug 2015 Short presentation. Recommended Reading.

4.1 References #2

  1. Bill McCarty, SELinux NSA's Open Source Security Enhanced Linux, O'Reilly Media, Formats: Print Safari Books Online, October 2004 Pages: 258 Print ISBN:978-0-596-00716-4 | ISBN 10:0-596-00716-7
  2. http://www.linux.com/learn/docs/727873-overview-of-linux-kernel-security-features/ 2013 Good overview. Highly recommended reading.
  3. https://www.youtube.com/watch?v=KoK42DsKEtc Defcon 21 - Defeating SEAndroid
  4. http://www.electronicsweekly.com/eyes-on-android/what-is/what-is-security-enhanced-se-android-2013-03/ 2013 Overview. Light reading. Recommended.
  5. Stephen Smalley, http://kernsec.org/files/lss2015/lss2014_androidtcb_smalley.pdf Recommended Reading.
  6. http://www.linuxnix.com/2012/09/basics-of-selinux-in-linux.html 2012

5 End


Copyright © 2017 pmateti@wright.edu www.wright.edu/~pmateti 2017-08-15