SELinux Symposium

2006 SELinux Symposium Works in Progress and Birds of a Feather Abstracts



Progress of SELinux Policy Editor

Yuichi Nakamura, The George Washington University, Hitachi Software, Japan

We presented SELinux Policy Editor (http://seedit.sourceforge.net/) at SELinux Symposium 2005. It is a tool composed of a GUI and a simplified policy. Simplified policy has its own policy description language. The language reduces the number of policy descriptions by hiding type labels from users and integrating access vector permissions. The version we presented before worked only in old SELinux. We have updated our tool to work in new distros. The updates will be introduced.

We are also currently reviewing the security design of simplified policy. We are reviewing the security impact of the integration of access vector permissions in simplified policy and considering reasonable integration to achieve security and usability. The progress and plan of the security design will be discussed.


SLIDE: An Integrated Policy Development Environment

James Athey, Tresys Technology, USA

SLIDE is a new Eclipse-based integrated policy development environment. It allows the creation of reference-policy-based policies and policy modules. In addition to numerous editing features, like interface name completion and syntax highlighting, SLIDE includes support for configuring all of the reference policy build options, the creation of policy modules for Fedora Core 5, and will eventually integrate with other policy development, analysis, and debugging tools.


Integrating Multi-Category Security into Fedora

James Morris, Red Hat, USA

Multi-Category Security (MCS) is a user-oriented security mechanism which re-uses much of the underlying MLS technology present in SELinux. In this report, we'll discuss the current status of MCS in the rapidly evolving environment of the Fedora project, and how it helps provide a foundation for ultimately integrating MLS into a mainstream operating system. Any feedback on MCS, as a newly evolving technology, will be welcomed.


Protecting the Internet from Zombie Armies with DeSPAC-SE

Eric Freudenthal, University of Texas at El Paso, USA

Many users of self-administered (home and small-office) computers promiscuously download programs despite the inadequate protection provided by virus scanners. These users desire secure systems but also demand the ability to install apparently useful (or entertaining) software from untrustworthy sources. Complete isolation (e.g. jail) renders most software useless, and SELinux's emerging model to automate the extension of policy at the time programs are "installed" is incompatible with these users' behavior and demands. To substantially increase protection available to these weakly administered systems, we are extending SE-Linux to transparently install or select appropriate policy (possibly even validating program configuration) when an unlabeled binary is first exec'd. System "owners" will delegate responsibility for "policy configuration" to on-line publishers of policy and configuration. Thus, programs believed to not be harmful can be automatically provided access only to resources consistent with their normal use, and execution can be blocked (and users alerted) when a program is either (1) unknown or (2) known to pose a security risk despite policy if used for its normal purpose.


A User-Space Monitor for High-Assurance Workflows

Jacques Thomas, Purdue University, USA

We are working on a framework to support high-assurance workflows. As all publicly traded companies will have to comply with the Sarbanes-Oxley Act, they will have to use high-assurance workflows. Our work (so far confined to modeling) uses Type Enforcement to guarantee important properties of our system: (1) a user can execute a specific task on a specific case only if such an activity would not violate the constraints of the workflow; (2) each activity is recorded and can therefore be audited later on. The constraints that can be expressed and enforced on the workflow include History-based Dynamic Separation of Duty, routing of the case through tasks, and content-based access control. Preliminary results indicate that our framework meets the Clark-Wilson requirements that apply to a framework, including enforcement of the separation of duty constraints and keeping of a tamper-proof audit trail. It also seems that such a framework can be useful in factoring the audit process: once the framework has been successfully audited, the rest of the audit can focus on the policy, not its enforcement.


Playing Well With Others: Implementing CIPSO on Linux

Paul Moore, HP, USA

SELinux provides users with a very fine-grained access control mechanism which can regulate access to every object on the local system. However, when it comes to network traffic, SELinux provides a much coarser method of access control. Currently SELinux does not offer users the ability to restrict network traffic on a per-packet basis. While work is currently underway to augment the existing Linux IPsec/IKE protocols to allow per-packet access control, there is no generally accepted standard for this work and interoperability with other platforms is uncertain in the near term. The Commercial IP Security Option (CIPSO) has become a de facto standard for per-packet network labeling and is supported by all of the major trusted operating systems. Unfortunately, earlier attempts at implementing CIPSO on Linux resulted in failure due to complexity and intrusiveness. Late in 2005 I proposed a new approach to implementing CIPSO on Linux to the Red Hat LSPP mailing list. During this WiP I plan on giving a brief overview of the new approach and a progress update.


Policy Development Tools

Karl MacMillan, Tresys Technology, USA

This BoF is a chance to discuss policy development tools including current capabilities, future directions, and possible integration / cooperation. This is open to both authors of policy development tools and interested current/potential users.


Linux Audit System

Steve Grubb, Red Hat, USA

This BoF will include discussion about the native Linux kernel audit system. The discussion will include recent development work and future project direction.

©Copyright 2005-2006 SELinux Symposium, LLC