
SELinux

Outline:
- Wikipedia says:
- What is SELinux?
- Access Control Philosophies
- SELinux past tense.
- Recent improvements.
- Who Cares?
- National Security Administration
- What’s the point?
- Terminology:
- How does this apply to “you”?
  - Hobbyist/Enthusiast
  - Corporate Systems Guy
  - Cracker/Malicious Type
- Reference material:

Wikipedia says:

Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD.

What is SELinux?

- A kernel level MAC (Mandatory Access Control) implementation for Linux
- Originally commissioned and built by/for the NSA
- A headache for the uninitiated
- Very effective if done right
  - Not the usual case BTW
- One of three well known MAC implementations
  - Trusted Solaris
  - Mainframe “Top Secret” and RACF.
    - Top Secret is a product of Computer Associates
    - RACF – Resource Access Control Facility
    - RACF is the access control system used by IBM on its mainframe line of computers

Access Control Philosophies

- MAC: Mandatory Access Control
  - Cannot be worked around
  - I own it, not you.
  - Ex: Directory “Secret” is owned by “Agent”. “Agent” does not have authority to grant access to others. Only the “Owner” does.
- DAC: Discretionary Access Control
  - It’s yours, do what you will.
  - Same example: “Agent” can grant access to whomever she cares.
- RBAC: Role Based Access Control
  - Depending on what your role is, maybe.
  - If “Agent” has the correct Role, she can, otherwise she can’t.

SELinux past tense.

- Auditing and reporting support very limited and poorly integrated in SELinux.
- One big ugly policy.
- No decent interface for managing policies.
  - SLIDE (new tool)
- Building policies was a flat file hack style.
- Fresh files got no label. You had to comb the system to find and label them manually.
- Poor scalability with SMP.

Recent improvements.

- FC4 policy now has over 120 confined domains, updates in Hardened Gentoo, and support being mainstreamed into Debian.
- Multi Level Security support enhanced and mainstreamed.
- Audit system enhanced and increasingly integrated.
- RHEL5 entered into evaluation against CAPP (Controlled Access Protection Profile), LSPP (Labeled Security Protection Profile), and RBAC (Role Based Access Control) with SELinux coverage.
- Loadable policy modules, build and package policy modules separately.
- Policy management API (libsemanage)
- Improved support for policy development: Polgen, SEEdit, SLIDE, CDS Framework.
- Atomic labeling of new files.
- File security labels visible for all filesystems exactly as seen by SELinux.
- Major improvements in SMP scalability.
- Significant reduction in kernel memory use by policy.

Who Cares?

National Security Administration

Researchers in the Information Assurance Research Group of the National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on Type Enforcement, a mechanism first developed for the LOCK system. The NSA and SCC developed two Mach-based prototypes of the architecture: DTMach and DTOS. The NSA and SCC then worked with the University of Utah's Flux research group to transfer the architecture to the Fluke research operating system. During


BU CS 455 - SELinux
