Mandatory Access Control with SELinux

SECURITY HARDENED

Author(s):

SELinux provides a comprehensive Mandatory Access Control system for Linux, if you are ready for all the details.

SELinux is a security-enhanced adaptation of the Linux kernel developed under the auspices of the US National Security Agency (NSA). According to the NSA, SELinux works by enforcing “access control policies that confine user programs and system servers to the minimum amount of privilege they need to do their job.” The security of an ordinary Linux system is based on a concept known as Discretionary Access Control (DAC). In a DAC system, a user is granted access to a resource (such as a file or directory) based on the user’s credentials, and users have the discretion to modify permissions for any resources they happen to control. This design gives attackers a means for gaining entry to a system. If root launches the Adobe Reader to access a PDF from an untrusted source, an attacker could exploit a vulnerability to start a root shell, even though root shells have nothing to do with what Adobe Reader is supposed to be doing.

Read full article as PDF:

Access_Control_with_SELinux.pdf (299.50 kB)

Related content

comments powered by Disqus

Direct Download

Read full article as PDF:

Access_Control_with_SELinux.pdf (299.50 kB)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia