2006 SELinux Symposium Tutorials

SELinux Policy Writing

Instructor: Chad Sellers and Joshua Brindle, Tresys Technology

Tutorial Description: Introduction to writing SELinux policies.

Pre-requisites: Familiarity with Linux systems and administration.

Audience: Developers, security administrators, and system administrators.

This tutorial, which is a condensed, one day version of the popular three day Tresys Technology policy development and analysis primer course (http://www.tresys.com/selinux), will introduce the student to all of the major concepts in SELinux needed to write and understand policies. The tutorial will cover the core concepts in SELinux and Type Enforcement and the techniques for creating a new policy.

This is a hands-on tutorial.

At the end of the tutorial, the student will have a solid technical foundation for creating SELinux policies.

Max Attendees: 32

Introduction to SELinux

Instructors: Chris Ashworth and Karl MacMillan, Tresys Technology

Tutorial Description: Introduction to SELinux.

Pre-requisites: Familiar with Linux systems.

Audience: Security administrators, system administrators, and other IT professionals interested in SELinux.

This tutorial covers the basic SELinux concepts and how they can be applied to solve common security challenges and build secure systems. This tutorial is designed for those that have no SELinux knowledge and would like to understand the basic concepts and for those that are considering SELinux deployments and would like to understand where SELinux is best applied.

At the end of the tutorial, the student will have an understanding of SELinux and how it can be applied.

Max Attendees: 60

Building Cross-Domain and Perimeter Defense Solutions

Instructors: Karl MacMillan, Tresys Technology, Nick Selimis, Windermere Group

Tutorial Description: An in-depth look at advanced techniques used to create secure cross-domain and perimeter defense solutions with SELinux.

Pre-requisites: The "Introduction to SELinux Policy Development" tutorial (or equivalent knowledge and experience).

Audience: Developers, security administrators, and advanced system administrators.

Cross-domain and perimeter defense solutions (e.g., firewalls, email proxies, guards, etc.), by their very nature, require strong security that is hard to achieve with traditional security mechanisms. These solutions require comprehensive control over networking and the flow of information within the system in addition to standard least-privilege and system hardening techniques. SELinux provides an excellent foundation for these types of devices by providing the policy features needed for strong domain separation, kernel enforced information flow policies, and comprehensive least-privilege.

This tutorial covers the basic concepts that make SELinux an excellent choice for cross-domain solutions and network boundary devices, advanced policy development techniques for meeting these unique security requirements, information on how SELinux can meet or exceed common security standards for these devices, and insights into how applications can be architected to best utilize the policy features. This tutorial is based on the in-depth experience of the presenters in creating these types of solutions.

At the end of the tutorial the student will have a solid understanding of how SELinux can meet the security requirements of cross-domain solutions and network boundary devices.

Max Attendees: 60

Reference Policy

Instructors: Chris PeBenito, Spencer Shimko, Tresys Technology

Tutorial Description: Introduction to the reference policy.

Pre-requisites: The "SELinux Policy Development" tutorial (or equivalent knowledge and experience).

Audience: Policy Developers, security administrators, and advanced system administrators.

The reference policy (http://serefpolicy.sourceforge.net/) is a complete, new policy that serves as an easier to use and maintain replacement for the current strict and targeted policies. It will be the default policy in Fedora Core 5. The reference policy includes many new concepts and techniques to help make policies easier to understand and development. Additionally, it seamlessly supports loadable policy modules and the strict, targeted, MLS, and MCS policy configurations from a single source.

This tutorial introduces the reference policy, its concepts, and how to configure it and add new policy modules.

This is a hands-on tutorial.

At the end of the tutorial, the student will have a solid understanding of how to use the reference policy.

Max Attendees: 32

Managing Red Hat Enterprise Linux 4

Instructor: Dan Walsh, Red Hat

Tutorial Description: This tutorial is a hands-on, practical introduction to managing SELinux in Red Hat Enterprise Linux 4.

Prerequisites: Knowledge of Red Hat Enterprise Linux system administration and security. Basic SELinux knowledge is helpful but not required.

Audience: System administrators and security professionals

Topics will include:

• Introduction to the targeted policy
• Modified commands and SELinux utilities
• Understanding SELinux log messages
• Customizing the policy with booleans
• Managing file labeling
• Backup and disc management with SELinux
• Future changes in Fedora Core 5 and Red Hat Enterprise Linux 5