SELinux Symposium



Symposium Committees

Previous Meetings
2007 Symposium
2006 Symposium
2005 Symposium
2004 Meeting


Sponsorship opportunities

Contact Us


2007 SELinux Symposium Works in Progress

Reference Policy

Chris PeBenito, Tresys, USA

Reference Policy has become the policy used as the basis for several Linux distributions and secure solutions. Several improvements have been made to the policy since the last symposium, including completion of porting the modules from the NSA example policy. This WiP will review the recent improvements to the policy and discuss the plans moving forward with the policy in the next year.

SELinux Upstream Future Directions

Karl MacMillan, Red Hat, USA

The upstream SELinux user tools for development and management continue to more forward. This talk will discuss recent changes and potential future directions including changes to the policy language, user visible changes to the command line utilities, and updates to the core libraries.

Targeted Policy

Dan Walsh, Red Hat, USA

This talk will cover all major changes in targeted policy that are being worked on currently in Fedora Core and changes planned for the next year.

SLIDE: The SELinux Policy IDE

Brian Williams, Tresys, USA

SLIDE is an Eclipse-based integrated reference policy development environment. In addition to numerous editing features such as interface name completion, syntax highlighting and support for configuring all of the reference policy build options, SLIDE also now includes a simplified developer's view of policy, an outline of available interfaces and a policy searching engine. Also now available is SLIDE-Remote, which allows the user to push their newly created policy from SLIDE to a test system running the SLIDE Remote daemon which will load the policy, run testing scripts and pass the audit logs back to SLIDE for analysis. In the future we plan to create GUIs for customizing network configuration in SELinux policies as well as expanding the automatic policy generation tools already included and auto-generating interface calls from the audit messages received from SLIDE-Remote.

Extending SELinux Policy Model and Enforcement towards Trusted Computing Paradigms

Xinwen Zhang, Samsung, Japan

Trusted Computing (TC) is becoming pervasive in both PC and mobile platforms. However, how to effectively enforce TC-based security requirements in operating system (OS) and application layers is still an unsolved but very important problem. In this project we leverage SELinux for fine-grained access control by seamlessly integrating our ongoing TC projects on mobile platforms into the SELinux framework. In order to do so, we first augment the identity-role-type policy model of SELinux, which includes general subject and object attributes, by additional and TC-specific policy mechanisms. Thus, access control decisions are not only based upon traditional SELinux policies, but also on other and especially dynamic runtime properties of programs such as integrity values and overall platform configurations. To support the new security model, we enable the Linux Security Module (LSM) to call primitive TC services running on the same platform, such as platform state monitoring, runtime integrity measuring, and attestation services. The project also aims to investigate implementation options with kernel-level and application-level object managers according to various given performance variants. To complement this project from the complexity and usability point of view, we are concurrently also developing a high-level modelling tool for an efficient and precise SELinux policy configuration including the novel TC-policy requirements.


Chris PeBenito, Tresys, USA

SETools is a suite of policy analysis tools that can be used for a variety of uses such as verifying security goals and debugging. There was a major release this past year that entailed significant changes to the backend that will ease future development of the suite, in addition to making it more useful for using in other projects. This WiP will review the recent improvements to the suite and discuss the plans moving forward in the next year.

Security Enhanced PostgreSQL

KaiGai Kohei, NEC, Japan

Security Enhanced PostgreSQL is an extension of PostgreSQL that applies fine grained mandatory access control to many objects within the database and takes advantage of user authorization integrated within the operating system.

SE-PostgreSQL works as a userspace reference monitor to check any SQL query. Objects such as databases, tables, columns, tuples (rows), stored procedures and binary large objects are labeled with a security policy, either explicitly or via default labeling rules in the policy. When someone tries to access any protected database object without appropriate permissions, SE-PostgreSQL aborts the current transaction or filters the violated tuples.

Those facilities enables to build DBMS into the information flow control scheme. This presentation will give a brief overview of SE-PostgreSQL, and a demonstration of the software.

CDS Framework

Brian Williams, Tresys, USA

The CDS Framework IDE is an Eclipse plugin that provides engineers with the ability to design and implement cross domain solutions on a SELinux system without knowledge of the complex details of the underlying SELinux policies. The CDS Framework provides two main benefits to cross domain solution developers on SELinux systems, a high-level language for specifying architectures focused on the information-flow goals of the particular cross domain solution and an integrated development environment. This graphical IDE allows users to both design and implement their guard's information flow architecture in one step. Over the past year we have implemented a graphical policy editor as well as language enhancements such as conditional policy and abilities.

A Lot Can Happen in a Year: CIPSO, NetLabel, and Linux

Paul Moore, HP, USA

Last year a proposal to add interoperable labeled networking to Linux using the Commercial IP Security Option (CIPSO) protocol was proposed. A lot has happened since that original presentation, including the acceptance of NetLabel, a working CIPSO implementation, into the 2.6.19 Linux kernel. This "Work in Progress" presentation will give a brief overview of NetLabel in the current Linux kernel as well as a road map of planned improvements.

Trusted Cups

Matt Anderson, HP, USA

The LSPP requirements and how they fit into the CUPS architecture, the changes made to meet the requirements, and what the configuration of CUPS looks like in the evaluated configuration.

The current limitations brought on by needing to meet the evaluation time line. Print to file and per queue banner-less printing are currently not available, but will hopefully be added to the upstreamed version.

Plans and time lines for sending the current distribution specific patch to the upstream maintainers to be included in the upstream tree.

Implementation of SELinux for Embedded Linux Environments

Hadi Nahari, Montavista, USA

With the ever-increasing presence of Linux implementations in embedded devices (mobile handsets, set-top boxes, headless computing devices, medical equipments, etc.) there is a strong demand for security enhancements and hardening of the operating environment. Currently an estimated 70 percent of new semiconductor devices are Linux enabled; such high growth is accompanied by inevitable security risks, hence the requirement for a MAC (Mandatory Access Control) mechanism for such devices that can provide appropriate level of protection. Due to stringent security requirements for resource-constrained and embedded devices, implementing a MAC infrastructure to balance performance and control is particularly challenging. The proposed Work-in-Progress session presents MontaVista Software Security Team's current efforts in analyzing the feasibility and implementing SELinux for an embedded environment. The focus will be on practical issues surrounding SELinux implementation in a resource-constrained device. The current status of project on issues such as user and kernel space requirements, memory footprint, performance implications, policy management, Filesystem requirements, supported toolchain, and power management objectives will be discussed.

SELinux activities for embedded area, in Japan

KaiGai Kohei, NEC, Japan

Today we have various kinds of embedded systems such as internet connected cellular phones. The complexity of software in embedded systems is growing and often causes security issues. This presentation introduces three SELinux activities for embedded systems in Japan.

The first one is xattr support on jffs2 filesystem. Jffs2 is a filesystem which works on MTD devices, and is widely used for diskless products like mobile-phones, handheld computers and so on. It has already merged into Linux kernel since 2.6.18, and can help apply secure operating-system on embedded systems.

The second one is sebusybox (SELinux'ed busybox) project. It provides various SELinux related commands and extensions such as chcon, runcon and '-Z' option support. Some of Japan SELinux User Group members are getting involved in this project.

The last one is SEEdit for embedded. SEEdit is a policy configuration tool which works with simplified policy, originated by Yuichi Nakamura. It's being improved for cross environment and reduction of policy size.

CLIP - a Certifiable Linux Integration Platform

Art Wilson, Tresys, USA

The CLIP is an open source project that provides a Linux installation to support developers in meeting security requirements. The initial requirements target is the Director of Central Intelligence Directive 6/3 "Protecting Sensitive Compartmented Information within Information Systems" (DCID 6/3) Protection Level 4 (PL4). The initial version of the CLIP toolkit augments a standard RHEL 4 installation with a Reference Policy-based SELinux configuration and additional tools to provide the confidentiality, integrity, availability, and accountability needed to support secure application deployment. Developers benefit from having the operating system security relevant configuration provided in a standard package.

Connecting SCADA and corporate IT networks using SELinux

Ryan Bradetich, University of Idaho, USA

Supervisory Control And Data Acquisition (SCADA) networks have traditionally been isolated from corporate Information Technology (IT) networks. Hence, the security of SCADA networks has depended heavily upon limited access points and the use of point-to-point SCADA specific protocols. With the introduction of Ethernet into substations, pressure to reduce expenses, and to provide Internet services to customers, many utilities have been connecting their SCADA networks and corporate IT networks despite the additional security risks. Current security literature for SCADA networks is advocating traditional IT security safeguards such as strong passwords, encrypted communications, and firewalls, but there is no assurance that these mechanisms will provide adequate security to critical real-time control networks.

Enhancing the Security of Enterprise Products with SELinux

Spencer Shimko, Tresys, USA

SELinux has a proven history in government use but can also be used to enhance the security of enterprise level products spread across multiple systems in an n-tiered network architecture. This network-wide SELinux protection has been achieved in a way that is both intuitive to the enterprise product administrator and has no impact on the functionality of the products. In this WiP we discuss the results of enhancing the security of IBM WebSphere and IBM DB2 through the use of SELinux.

©Copyright 2005-2006 SELinux Symposium, LLC
Privacy Statement