Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS 2008

0 %
100 %
Information about Have You Driven an SELinux Lately? - An Update on the SELinux Project -...
Technology

Published on June 30, 2009

Author: jamesmorris

Source: slideshare.net

Description

"Have You Driven an SELinux Lately? - An Update on the SELinux Project"

This was given at OLS (Ottawa Linux Symposium) in 2008.

The paper from the talk may be found at
http://namei.org/ols-2008-selinux-paper.pdf.

Have You Driven an SELinux Lately? An update on the Security Enhanced Linux Project James Morris Red Hat Asia Pacific Pte Ltd Ottawa Linux Symposium 2008

Project Timeline ● 1980s – 1990s – Academic R&D ● 2000 – 2003 – GPL release, upstream merge ● 2003 – 2005 – Distribution integration ● 2005 – present – Infrastructure and usability improvements

Infrastructure Work ● Loadable Policy Modules ● Reference Policy ● Policy Booleans ● Libraries ● Toolchain

User Experience ● Targeted Policy – Initially confined only critical applications – Now re-merged with hundreds of modules ● Targeted behavior selected via the unconfined module ● Setroubleshoot – Inspired by GNOME bug buddy

setroubleshoot

System Administration ● audit2why ● semanage ● restorecond ● system-config-selinux

system-config-selinux

Policy Development ● Command line tools for quick fixes ● SLIDE ● SEEdit

SLIDE

Core Enhancements ● Performance and scalability improvements ● Integrated with kernel memory protection ● Netfilter-based network controls ● Labeled Networking ● Better MLS

Security Evaluation ● RHEL5 Common Criteria certifications – LSPP, RBACPP, CAPP at EAL4+ – IBM, HP and SGI hardware – Community effort – Led to improved audit and other features ● Other Accreditation – US Coast Guard Intelligence case study

Threat Mitigation “A security framework originally published by the US National Security Agency has begun to rack up an impressive list of protections against security holes.” – LinuxWorld, Feb 2008 ● SELinux has mitigated several serious security threats to everyday users of Fedora & RHEL. ● Tracked @ Tresys Mitigation News

SELinux Adoption ● Widely adopted in Fedora – Smolt statistics show majority have SELinux enabled. ● RHEL adoption by military, govt, finance: – Factor in NYSE/Euronext adoption, handling over $140 Billion/day in trades. ● Embedded / consumer electronics: – Reduce risks and costs of vulnerabilities – Simpler systems can have tighter policy

Kiosk Mode (xguest) ● Anonymous desktop sessions ● Innovative application of several security technologies ● Useful for conferences, training, trade shows, libraries, child-proofing...

Current Work ● Wider distribution support: – Ubuntu, Debian, Gentoo ● Beyond kernel: – Virtualization (XSM) – Desktop (XACE) – Storage (LNFS) – Applications (Database etc.) ● Beyond Linux: – OpenSolaris FMAC

Challenges ● Improved usability, as always! ● Documentation ● Keep community growing

How to Participate ● Install SELinux enabled distribution ● Join mailing lists ● IRC ● Ask questions, report bugs!

by marco_ely @flickr

Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...

Related pages

Have You Driven an SELinux Lately? An Update on the ...

Have You Driven an SELinux Lately? An Update on the Security Enhanced Linux Project ... An Update on the Security Enhanced Linux Project. ... © 2008&dash ...
Read more

Have You Driven an SELinux Lately? - The Linux Kernel Archives

Have You Driven an SELinux Lately? An Update on the Security Enhanced Linux Project James Morris Red Hat Asia Pacific Pte Ltd jmorris@redhat.com
Read more

Have You Driven an SELinux Lately? - James Morris

Have You Driven an SELinux Lately? An update on the Security Enhanced Linux Project James Morris Red Hat Asia Pacific Pte Ltd Ottawa Linux Symposium 2008
Read more

Ols | LinkedIn

... and more. Get the professional knowledge you need on LinkedIn. LinkedIn Home ... (OLs) have been able to live above their means as they do not ...
Read more

Docs/Drafts/SELinux User Guide/SELinux Information Plan ...

... an estimation of the time and resources required to complete the project. Information Plan ... Have You Driven an SELinux Lately ... 2008 to ...
Read more

Adapting 1960s Technology to Meet 21st Century Threats

“Have You Driven an SELinux Lately?” (OLS paper on current state) ... http://www.linuxworld.com/news/2008/022408-selinux.html SMACK http://schaufler-ca ...
Read more

Design and Implementation of the SELinux Policy Management ...

Article: Have You Driven an SELinux Lately? An Update on the Security Enhanced Linux Project
Read more

Sicherheit, Userland | heise open - heise online - IT-News ...

In "Have You Driven an SELinux Lately? – An Update on the ... Die bislang erwähnten OLS ... eine thematisch sortierte Liste aller Vorträge von OLS 2008 ...
Read more