An Introduction to MAC, RBAC and LSM
The theory behind hardening tools

Hardening Two, June 13, 2016. Francesco Pira (fpira.com)

Upload: francesco-pira

Post on 15-Jan-2017



Before we start…

• each system has its own security requirements

• each system has different overriding security requirements

• sometimes you need to combine multiple solutions

• the approaches shown are built into the system


Main security requirements for information

• Confidentiality

• Availability

• Integrity


Keywords

• roles, as a higher abstraction of users

• subjects, as an abstraction of executables

• objects, as an abstraction of system resources

• policy, as a set of rules (usually system-wide)

• policy defines behaviour of roles / subjects / objects


Available options

• DAC, Discretionary Access Control

• MAC, Mandatory Access Control

• RBAC, Role-Based Access Control

* DAC and MAC are mutually exclusive. RBAC can coexist with others.


Discretionary Access Control

• focuses on availability

• user in control

• user can forward privileges

• user can revoke permissions

• can’t be used in hardening tools!


Mandatory Access Control

• focuses on confidentiality

• acts system-wide

• by design: 1 trusted admin, no roles

• controls access to objects

• subjects can’t change the policy

• neither can users at a lower level


Role-Based Access Control

• focuses on integrity

• needs authentication

• each role accesses only the data it is allowed to (default is deny)

• not mandatory by design

• can coexist with MAC if the hierarchy is a tree

• policy tied to roles, roles tied to users

• usually implemented via ACL


Hooking the kernel: LSM

• a framework embedded in the Linux kernel

• designed not to degrade system performance

• hardening tools via modules

• system resources have hooks

• hooks -> pointers to module functions (low-level API, kind of)

• table of (dummy) functions called security_ops

• dummy functions replaced at boot time with (e.g.) SELinux ones


Hooking the kernel: LSM

[Diagram: a resource request from user space enters kernel space as a sys call, passes the DAC check, then reaches the LSM hook, which consults the LSM module engine (SELinux, as an example) before the request is completed.]
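
The hook table and the request flow from the two LSM slides above, modelled in user space as an added example (not code from the slides or from the kernel). `security_ops` is the name given on the slide; the single `file_open` hook, `register_security`, `dac_check`, `sys_open`, the labels and the policy are simplified assumptions for illustration.

```c
/* User-space model of the LSM hook table; illustrative, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct task { int uid; const char *domain; };                      /* subject */
struct file_obj { int owner; unsigned mode; const char *label; };  /* object */

/* Hook table: one function pointer per mediated operation. */
struct security_operations {
    int (*file_open)(const struct task *t, const struct file_obj *f);
};
static int hook_calls;  /* how often the hook was consulted */

/* Dummy hook installed by default: allows everything. */
static int dummy_file_open(const struct task *t, const struct file_obj *f)
{ (void)t; (void)f; hook_calls++; return 0; }
static struct security_operations security_ops = { dummy_file_open };

/* Toy MAC policy (constructed): only "httpd_t" may open "web_content". */
static int toy_mac_file_open(const struct task *t, const struct file_obj *f)
{
    hook_calls++;
    if (!strcmp(f->label, "web_content") && strcmp(t->domain, "httpd_t"))
        return -EACCES;
    return 0;
}
static const struct security_operations toy_mac_ops = { toy_mac_file_open };

/* Boot-time registration: the dummy entries are replaced by the module's. */
static void register_security(const struct security_operations *ops)
{ security_ops = *ops; }

/* DAC: owner needs the owner-read bit, everyone else the other-read bit. */
static int dac_check(const struct task *t, const struct file_obj *f)
{ return (f->mode & (t->uid == f->owner ? 0400u : 0004u)) ? 0 : -EACCES; }

/* Flow from the diagram: sys call -> DAC check -> LSM hook -> complete. */
static int sys_open(const struct task *t, const struct file_obj *f)
{
    int rc = dac_check(t, f);
    return rc ? rc : security_ops.file_open(t, f); /* hook only after DAC passes */
}

int main(void)
{
    struct task shell = { 1001, "user_t" };
    struct file_obj page = { 1000, 0644, "web_content" };  /* world-readable */
    printf("dummy hooks: %d\n", sys_open(&shell, &page));
    register_security(&toy_mac_ops);
    printf("toy MAC:     %d\n", sys_open(&shell, &page));
    return 0;
}
```

In this model a DAC denial returns before the hook is reached, so the module only narrows what DAC has already allowed.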


LSM hooks

• hooks are divided into categories

• task hooks

• program loading hooks

• IPC hooks

• filesystem hooks

• network hooks

• and more…


Questions?

Thank you!