Open Source and Commercial Applications in a Java-based SELinux Cross Domain Solution
Boyd Fletcher, Joint Forces Command - Joint Experimentation Directorate
Cross Domain Solutions (CDS) provide the essential boundary between
networks of different security classifications and play a critical role in
national and international security. Traditionally CDS development has been
bottom-up with all efforts being reproduced for each product. This bottom-up
effort requires developers to recreate the applications, filters, and security
architecture for each product. However, bottom-up CDS development has been a
complex, lengthy, and thus expensive endeavor. We recently addressed these
concerns with a development effort which was tasked with the creation of a suite of CDS systems.
CDS development efforts have focused on producing a full suite of
filters and applications in addition to developing a security architecture
from the bottom-up. During the development of the Cross Domain Collaborative
Information Environment (CDCIE), we found that by using SELinux to create a
security architecture and through careful combination of commercial applications,
open source applications, and filters developed in Java, we have been able to
produce a secure CDS without the traditional bottom-up effort. The CDCIE team
has also found several distinct advantages to using this technique in addition
to the reduction in the complexity and length of development, thereby reducing
the overall costs.
Developing the CDCIE Suite in a mixed environment was not
without its own set of difficulties. Commercial applications could not be
easily modified to adhere to the security constraints of the system
architecture. Policy had to be developed around the commercial applications;
security architecture should drive application development, not vice-versa.
We will discuss how SELinux can be used to eliminate extraneous access even in
closed source applications. Open source applications had to be modified to
support the protocols and specifications developed. Fortunately they could
also be modified to fix bugs exposed via SELinux. Standard Java IPC mechanisms
did not provide the granular access controls required for the CDS environment.
We have also begun work on the next task by modifying an existing system
library wrapper called JTUX (Java To UniX) so we could further confine
information flow between Java filters with SELinux policy. We will discuss
the success we had in overcoming these difficulties but will also address the
lessons learned during the process and thoughts we have for the future.
Enhancing IBM Websphere with SELinux
Marc Hocking, UK Cabinet Office, e-Government Unit, UK, Karl MacMillan, Tresys Technology, USA, and Doc Shankar, IBM, USA
This case study will present our work on creating a prototype IBM
Websphere solution enhanced with SELinux for use in a UK e-Government pilot
program. We will present the security requirements of the UK Government for
enterprise application servers and the technical details of how the
prototype application meets those needs. Included will be a discussion
of the underlying technology that creates a configurable and deployable
SELinux security enhancement for IBM Websphere and other enterprise
applications. In particular, we will present our novel approach and infrastructure for
customizing policies at deployment time based on application and user
settings. This allows us to enforce fine-grained network access controls
across a distributed enterprise application without forcing the
application server administrators to understand or edit SELinux policy.