Reference Policy
Chris PeBenito, Tresys, USA
Reference Policy has become the policy used as the basis for several Linux distributions and secure solutions. Several improvements have been made to the policy since the last symposium, including completion of porting the modules from the NSA example policy. This WiP will review the recent improvements to the policy and discuss the plans moving forward with the policy in the next year.
SELinux Upstream Future Directions
Karl MacMillan, Red Hat, USA
The upstream SELinux user tools for development and management continue to move forward. This talk will discuss recent changes and potential future directions, including changes to the policy language, user-visible changes to the command line utilities, and updates to the core libraries.
SLIDE: The SELinux Policy IDE
Brian Williams, Tresys, USA
SLIDE is an Eclipse-based integrated reference policy development environment. In addition to numerous editing features such as interface name completion, syntax highlighting and support for configuring all of the reference policy build options, SLIDE also now includes a simplified developer's view of policy, an outline of available interfaces and a policy searching engine. Also now available is SLIDE-Remote, which allows the user to push their newly created policy from SLIDE to a test system running the SLIDE Remote daemon which will load the policy, run testing scripts and pass the audit logs back to SLIDE for analysis. In the future we plan to create GUIs for customizing network configuration in SELinux policies as well as expanding the automatic policy generation tools already included and auto-generating interface calls from the audit messages received from SLIDE-Remote.
Extending SELinux Policy Model and Enforcement towards Trusted Computing Paradigms
Xinwen Zhang, Samsung, Japan
Trusted Computing (TC) is becoming pervasive in both PC and mobile platforms. However, how to effectively enforce TC-based security requirements in the operating system (OS) and application layers is still an unsolved but very important problem. In this project we leverage SELinux for fine-grained access control by seamlessly integrating our ongoing TC projects on mobile platforms into the SELinux framework. In order to do so, we first augment the identity-role-type policy model of SELinux, which includes general subject and object attributes, with additional, TC-specific policy mechanisms. Thus, access control decisions are based not only upon traditional SELinux policies, but also on other, especially dynamic, runtime properties of programs such as integrity values and overall platform configurations. To support the new security model, we enable the Linux Security Module (LSM) to call primitive TC services running on the same platform, such as platform state monitoring, runtime integrity measuring, and attestation services. The project also aims to investigate implementation options with kernel-level and application-level object managers according to various given performance variants. To complement this project from the complexity and usability point of view, we are concurrently also developing a high-level modelling tool for efficient and precise SELinux policy configuration, including the novel TC-policy requirements.
SETools
Chris PeBenito, Tresys, USA
SETools is a suite of policy analysis tools that can be used for a variety of purposes such as verifying security goals and debugging. There was a major release this past year that entailed significant changes to the backend, which will ease future development of the suite in addition to making it more useful for use in other projects. This WiP will review the recent improvements to the suite and discuss the plans moving forward in the next year.
Security Enhanced PostgreSQL
KaiGai Kohei, NEC, Japan
Security Enhanced PostgreSQL is an extension of PostgreSQL that applies fine-grained mandatory access control to many objects within the database and takes advantage of user authorization integrated within the operating system.
SE-PostgreSQL works as a userspace reference monitor that checks every SQL query. Objects such as databases, tables, columns, tuples (rows), stored procedures and binary large objects are labeled with a security policy, either explicitly or via default labeling rules in the policy. When someone tries to access any protected database object without appropriate permissions, SE-PostgreSQL aborts the current transaction or filters out the violating tuples.
These facilities enable a DBMS to be built into an information flow control scheme. This presentation will give a brief overview of SE-PostgreSQL and a demonstration of the software.
CDS Framework
Brian Williams, Tresys, USA
The CDS Framework IDE is an Eclipse plugin that provides engineers with the ability to design and implement cross domain solutions on an SELinux system without knowledge of the complex details of the underlying SELinux policies. The CDS Framework provides two main benefits to cross domain solution developers on SELinux systems: a high-level language for specifying architectures focused on the information-flow goals of the particular cross domain solution, and an integrated development environment. This graphical IDE allows users to both design and implement their guard's information flow architecture in one step. Over the past year we have implemented a graphical policy editor as well as language enhancements such as conditional policy and abilities.
Implementation of SELinux for Embedded Linux Environments
Hadi Nahari, Montavista, USA
With the ever-increasing presence of Linux implementations in embedded devices (mobile handsets, set-top boxes, headless computing devices, medical equipment, etc.) there is a strong demand for security enhancements and hardening of the operating environment. Currently an estimated 70 percent of new semiconductor devices are Linux enabled; such high growth is accompanied by inevitable security risks, hence the requirement for a MAC (Mandatory Access Control) mechanism for such devices that can provide an appropriate level of protection. Due to the stringent requirements of resource-constrained and embedded devices, implementing a MAC infrastructure that balances performance and control is particularly challenging. The proposed Work-in-Progress session presents the MontaVista Software Security Team's current efforts in analyzing the feasibility of, and implementing, SELinux for an embedded environment. The focus will be on practical issues surrounding SELinux implementation in a resource-constrained device. The current status of the project on issues such as user and kernel space requirements, memory footprint, performance implications, policy management, filesystem requirements, supported toolchain, and power management objectives will be discussed.
SELinux activities for the embedded area in Japan
KaiGai Kohei, NEC, Japan
Today we have various kinds of embedded systems such as internet-connected cellular phones. The complexity of software in embedded systems is growing and often causes security issues. This presentation introduces three SELinux activities for embedded systems in Japan.
The first one is xattr support on the jffs2 filesystem. Jffs2 is a filesystem which works on MTD devices, and is widely used for diskless products like mobile phones, handheld computers and so on. The support has been merged into the Linux kernel since 2.6.18, and can help apply a secure operating system on embedded systems.
The second one is the sebusybox (SELinux'ed busybox) project. It provides various SELinux-related commands and extensions such as chcon, runcon and '-Z' option support. Some Japan SELinux User Group members are getting involved in this project.
The last one is SEEdit for embedded. SEEdit is a policy configuration tool which works with a simplified policy, originated by Yuichi Nakamura. It is being improved for cross environments and for reduction of policy size.
Connecting SCADA and corporate IT networks using SELinux
Ryan Bradetich, University of Idaho, USA
Supervisory Control And Data Acquisition (SCADA) networks have traditionally been isolated from corporate Information Technology (IT) networks. Hence, the security of SCADA networks has depended heavily upon limited access points and the use of point-to-point SCADA-specific protocols. With the introduction of Ethernet into substations, pressure to reduce expenses, and the need to provide Internet services to customers, many utilities have been connecting their SCADA networks and corporate IT networks despite the additional security risks. Current security literature for SCADA networks advocates traditional IT security safeguards such as strong passwords, encrypted communications, and firewalls, but there is no assurance that these mechanisms will provide adequate security for critical real-time control networks.