Hardening Two June 13, 2016 Francesco Pira (fpira.com)

An Introduction to MAC, RBAC and LSMThe theory behind hardening tools

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Before we start…

• each system has its own security requirements

• each system has different overriding security requirements

• sometimes you need to combine multiple solutions

• showed approaches are build into the system

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Information

Main security requirements

Confidentiality

Availability

Integrity

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Keywords

• roles

• subjects

• objects

• policy

• policy defines behaviour of roles / subjects / objects

as higher abstraction of users

as abstraction of executables

as abstraction of system resources

as a set of rules (usually system-wide)

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Available options

• DAC, Discretionary Access Control

• MAC, Mandatory Access Control

• RBAC, Role-Based Access Control

* DAC and MAC are mutually exclusive. RBAC can coexist with others.

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Discretionary Access Control

• focuses on availability

• user in control

• user can forward privileges

• user can revoke permissions

• can’t be used in hardening tools!

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Mandatory Access Control

• focuses on confidentiality

• acts system-wide

• by design: 1 trusted admin, no roles

• controls access to objects

• subjects can’t change the policy

• neither users at lower level can do

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Role-Based Access Control

• focuses on integrity

• needs authentication

• each role access only data who is allowed to (default is deny)

• not mandatory by design

• can coexist with MAC if the hierarchy is a tree

• policy tied to roles, roles tied to users

• usually implemented via ACL

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Hooking the kernel: LSM

• a framework embedded in the Linux kernel

• designed not to degrade system performance

• hardening tools via modules

• system resources have hooks

• hooks -> pointers to module functions (low-level API, kind of)

• table of (dummy) functions called security_ops

• dummy functions replaced at boot time with (e.g.) SELinux ones

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Hooking the kernel: LSM

Resource request

Sys call

DAC check

LSM hook

complete request

LSM module engine SELinux*

kernel space

user space

* as an example

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

LSM hooks

• hooks are divided into categories

• task hooks

• program loading hooks

• IPC hooks

• filesystem hooks

• network hooks

• and more…

Hardening Two June 13, 2016 Francesco Pira (fpira.com)

Questions?

Thank you!