Security-enhanced Linux
Primarily developed by the US National Security Agency, Security-enhanced Linux (SELinux) was released to the open source development community on December 22, 2000. Other significant contributors include Network Associates, Secure Computing Corporation, and Tresys. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems.

From the NSA Security-enhanced Linux Team:

"NSA Security-enhanced Linux is a set of Patches to the Linux Kernel and some utilities to incorporate a strong, flexible Mandatory Access Control (MAC) architecture into the major subsystems of the kernel. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals."

Security-enhanced Linux is a FLASK implementation integrated in some versions of the Linux kernel, together with a number of utilities designed to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux. Such a kernel contains architectural components prototyped in the Fluke operating system. These provide general support for enforcing many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement, Role-based Access Control, and Multi-level Security.

Observers of operating system security research may recall DTOS, a Mach-derived Distributed Trusted Operating System, on which Flask was based, as well as Trusted Mach, a research project from Trusted Information Systems that was influential in the design and implementation of DTOS.
Those interested in Type Enforcement may also be interested in Domain and Type Enforcement.

A Linux kernel integrating SELinux enforces Mandatory Access Control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. This reduces or eliminates the ability of these programs and daemons to cause harm when compromised (via buffer overflows or misconfigurations, for example). This confinement mechanism operates independently of the traditional Linux access control mechanisms. It has no concept of a "root" super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries).

The security of an unmodified Linux system depends on the correctness of the kernel, all the privileged applications, and each of their configurations. A problem in any one of these areas may allow the compromise of the entire system. In contrast, the security of a modified system based on the security-enhanced Linux kernel depends primarily on the correctness of the kernel and its security policy configuration. While problems with the correctness or configuration of applications may allow the limited compromise of individual user programs and system daemons, they do not pose a threat to the security of other user programs and system daemons or to the security of the system as a whole.

SELinux was merged into the 2.6 series Linux kernel.
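The confinement described above can be illustrated with a small model, added here as an example and not taken from SELinux or its policy: a traditional check in which uid 0 bypasses the permission bits, and a Type Enforcement check that looks only at labels. The allow rules, sample files and processes are constructed, and roles, users, MLS levels and object classes are left out.

```python
from dataclasses import dataclass

# Constructed allow rules: (process domain, file type) -> permitted operations.
# The type names follow common SELinux naming; the policy itself is invented.
ALLOW = {
    ("httpd_t", "httpd_sys_content_t"): {"read"},
    ("httpd_t", "httpd_log_t"): {"append"},
    ("sysadm_t", "shadow_t"): {"read", "write"},
}

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str  # type field of the process security context

@dataclass(frozen=True)
class File:
    path: str
    owner: int
    mode: int    # traditional permission bits
    type: str    # type field of the file security context

def dac_allows(proc, f, perm):
    """Traditional check (owner/other bits only): uid 0 bypasses the mode bits."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2, "append": 2}[perm]
    shift = 6 if proc.uid == f.owner else 0
    return bool((f.mode >> shift) & bit)

def te_allows(proc, f, perm):
    """Type Enforcement check: only the two labels matter, uid is never read."""
    return perm in ALLOW.get((proc.domain, f.type), set())

def access(proc, f, perm):
    """The mandatory check applies in addition to the traditional one."""
    return dac_allows(proc, f, perm) and te_allows(proc, f, perm)

# Constructed sample objects and subjects.
shadow = File("/etc/shadow", 0, 0o600, "shadow_t")
page = File("/var/www/html/index.html", 0, 0o644, "httpd_sys_content_t")
web_root = Process(uid=0, domain="httpd_t")   # compromised daemon running as root
admin = Process(uid=0, domain="sysadm_t")
user = Process(uid=1000, domain="sysadm_t")

if __name__ == "__main__":
    for who, f, perm in [(web_root, shadow, "read"), (web_root, page, "read"),
                         (web_root, page, "write"), (admin, shadow, "write"),
                         (user, shadow, "read")]:
        print(who.domain, who.uid, perm, f.path, "->", access(who, f, perm))
```

In this model the web server process running as uid 0 passes the traditional check on /etc/shadow but is still denied, because no rule lets its domain touch that file's type.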
IMPLEMENTATIONS

SELinux is available with commercial support as part of Red Hat Enterprise Linux version 4. The supported policy in RHEL4 is the targeted policy, which aims for maximum ease of use and thus isn't as restrictive as it might be. Future versions of RHEL will have more restrictive policies. SELinux has also been available in community-supported Linux distributions.

CRITICISM

Some administrators, developers, and security experts have criticized SELinux as too complex to set up and administer. Critics say that due to its complexity, even experienced users are likely to configure SELinux in an unsafe manner or disable it altogether, leaving the system vulnerable to attacks. Supporters of SELinux say that it simply reflects, and provides greater control over, the complexity of the underlying operating system.

In particular, SELinux has been criticized as departing from traditional Unix design concepts, because its permissions are based on labels rather than file paths. In February 2006, Novell announced that it would be replacing SELinux with AppArmor in its SUSE distribution. Describing SELinux as "difficult to deploy without a significant investment in time, expertise and resources", Novell states that AppArmor is "much easier to use", in part because its permissions are based on file names.