Published on June 30, 2009
Mandatory Access Control Networking Update
Netconf 2006 Tokyo
James Morris email@example.com

MAC Networking
● Applying Mandatory Access Control (MAC) security to networking:
  1) Local communications
     ● Unix Domain
     ● Netlink etc.
  2) Local labeling of network packets & objects
     ● Packet filtering
  3) Distributed MAC
     ● Labeled networking

Status – since last year
● SELinux packet filtering controls have been re-implemented with Secmark:
  – Utilizes IPTables, conntrack etc.
  – Separates labeling and enforcement
  – Much more powerful & flexible
  – Policy is greatly simplified
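
The split between labeling and enforcement described on this slide, as an added example that is not from the original slides. The port, the type names `http_server_packet_t` and `httpd_t`, and the `s0` level are assumptions; the functions only print a rule set in iptables-restore format and a policy rule, they do not change the running system.

```shell
#!/bin/sh
# Added example: Secmark labeling rules plus the matching SELinux policy rule.
# All names passed in below are assumptions, not values from the slides.

# secmark_rules PORT PACKET_TYPE
# Labeling side: mangle-table rules that only attach a security context
# to packets. Nothing in these rules accepts or drops traffic.
secmark_rules() {
    port=$1
    ctx="system_u:object_r:$2:s0"
    cat <<EOF
*mangle
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Packets of tracked connections inherit the label stored in conntrack
-A INPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore
-A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore
# Label new inbound connections to the service, then store the label
-A INPUT -p tcp --dport $port -m state --state NEW -j SECMARK --selctx $ctx
-A INPUT -p tcp --dport $port -m state --state NEW -j CONNSECMARK --save
COMMIT
EOF
}

# secmark_policy DOMAIN PACKET_TYPE
# Enforcement side: the SELinux rule that lets a domain send and receive
# packets carrying that label. Unlabeled-to-this-type traffic is not covered.
secmark_policy() {
    printf 'allow %s %s:packet { send recv };\n' "$1" "$2"
}

# Constructed sample: a web server domain and its packet type.
secmark_rules 80 http_server_packet_t
secmark_policy httpd_t http_server_packet_t
```

The packet filter decides which label a packet gets, and the SELinux policy alone decides which domains may handle packets with that label, so either side can change without touching the other.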

Status (cont'd)
● Native IPSec/xfrm labeling extended by TCS to provide full support for LSPP (used to be B1) certification.
  – Implements Multilevel Security (MLS), but is generic.

Status (cont'd)
● Support for legacy MLS networking added by HP (“Netlabel”):
  – CIPSO case 0x86: /* Another "Commercial Security" crap. */ + case IPOPT_CIPSO:
  – RIPSO and others possible
● Provides interoperability with legacy MLS systems such as Trusted Solaris.
● Argus also porting their CIPSO implementation.

Futures
● Consolidation of labeling schemes (TCS has posted patches), so they all work well together.
● Complete LSPP/EAL4+ certification with RHEL5, which will include SELinux and native labeled networking.
● Look for ways to make labeled networking more generally useful (using Type Enforcement)
  – Example: protected paths between web server and database server processes.

Conclusions
● While immediately most useful to government & military users, the MAC networking frameworks have been implemented generically.
● These features are unprecedented in a general purpose OS.
● Linux now has perhaps the richest network security feature set ever.