Mandatory Access Control with AppArmor

Mandatory Access Control (MAC) is a policy-based security framework that augments conventional security systems by providing an additional layer of protection. Unlike normal permissions, which revolve around performing functions on a filesystem, MAC deals with applications rather than files and directories. MAC doesn't replace existing permissions but supplements them. Since Linux Kernel 2.6, all the MAC versions are implemented over the Linux Security Module (LSM) framework. This article will focus on AppArmor [1], which has been around since 1998 and has been supported by Canonical since 2009.

One advantage of a policy-based model is that a policy cannot be changed by the user, unlike normal permissions, which can be changed if you have sufficient rights. Another added benefit is that it is applicable to all users, even those with superuser privileges.

AppArmor: A Beginner's Delight

Policy-based systems have a higher learning curve, but even the most basic MAC will bolster the system security. Many policy-based systems are so complex that users don't delve deeply enough to implement them effectively. One benefit of AppArmor is that it is comprehensive, yet simple enough to deploy with minimal investment of time and training.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • AppArmor

    After penetrating a remote system, intruders might think they are home and dry, but AppArmor spoils the fun, locking the miscreants in a virtual cage.

  • AppArmor

    When an attacker succeeds in infecting a victim’s system, the attacker inherits the victim’s privileges. App Armor beats the attack by reducing the potential victim’s privileges to a minimum.

  • AppArmor vs. SELinux

    Security Enhanced Linux or App Armor? Linux Magazine invited two well-known personalities from Red Hat and Novell to debate the merits of their security systems.

  • Novell Dismisses AppArmor Developer

    Two years after acquiring the company that developed AppArmor Novell has dismissed the developer behind the security technology.

  • Container Security

    A recent flurry of activity in the container space raises several interesting questions about security among a number of operational aspects in the enterprise environment.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News