JM
Uploaded byJames Morris
PDF, PPTX459 views

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS 2008

The document provides an overview of the SELinux project's history, from its academic origins in the 1980s to its recent developments in usability and infrastructure enhancements. It details features like loadable policy modules and tools for system administration, while highlighting SELinux's adoption in various sectors, including government and finance. The current focus includes expanding support across different distributions and improving documentation and community involvement.

Embed presentation

Download as PDF, PPTX
Have You Driven an SELinux Lately? An update on the Security Enhanced Linux Project James Morris Red Hat Asia Pacific Pte Ltd Ottawa Linux Symposium 2008
Project Timeline ● 1980s – 1990s – Academic R&D ● 2000 – 2003 – GPL release, upstream merge ● 2003 – 2005 – Distribution integration ● 2005 – present – Infrastructure and usability improvements
Infrastructure Work ● Loadable Policy Modules ● Reference Policy ● Policy Booleans ● Libraries ● Toolchain
User Experience ● Targeted Policy – Initially confined only critical applications – Now re-merged with hundreds of modules ● Targeted behavior selected via the unconfined module ● Setroubleshoot – Inspired by GNOME bug buddy
setroubleshoot
System Administration ● audit2why ● semanage ● restorecond ● system-config-selinux
system-config-selinux
Policy Development ● Command line tools for quick fixes ● SLIDE ● SEEdit
SLIDE
Core Enhancements ● Performance and scalability improvements ● Integrated with kernel memory protection ● Netfilter-based network controls ● Labeled Networking ● Better MLS
Security Evaluation ● RHEL5 Common Criteria certifications – LSPP, RBACPP, CAPP at EAL4+ – IBM, HP and SGI hardware – Community effort – Led to improved audit and other features ● Other Accreditation – US Coast Guard Intelligence case study
Threat Mitigation “A security framework originally published by the US National Security Agency has begun to rack up an impressive list of protections against security holes.” – LinuxWorld, Feb 2008 ● SELinux has mitigated several serious security threats to everyday users of Fedora & RHEL. ● Tracked @ Tresys Mitigation News
SELinux Adoption ● Widely adopted in Fedora – Smolt statistics show majority have SELinux enabled. ● RHEL adoption by military, govt, finance: – Factor in NYSE/Euronext adoption, handling over $140 Billion/day in trades. ● Embedded / consumer electronics: – Reduce risks and costs of vulnerabilities – Simpler systems can have tighter policy
Kiosk Mode (xguest) ● Anonymous desktop sessions ● Innovative application of several security technologies ● Useful for conferences, training, trade shows, libraries, child-proofing...
Current Work ● Wider distribution support: – Ubuntu, Debian, Gentoo ● Beyond kernel: – Virtualization (XSM) – Desktop (XACE) – Storage (LNFS) – Applications (Database etc.) ● Beyond Linux: – OpenSolaris FMAC
Challenges ● Improved usability, as always! ● Documentation ● Keep community growing
How to Participate ● Install SELinux enabled distribution ● Join mailing lists ● IRC ● Ask questions, report bugs!
by marco_ely @flickr

More Related Content

PDF
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
PDF
How Many Linux Security Layers Are Enough?
byMichael Boelen
 
PDF
Directions in SELinux Networking
byJames Morris
 
PDF
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 
PDF
Adding Extended Attribute Support to NFS
byJames Morris
 
PDF
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
PDF
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
byJames Morris
 
PDF
Secure and Simple Sandboxing in SELinux
byJames Morris
 
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
How Many Linux Security Layers Are Enough?
byMichael Boelen
 
Directions in SELinux Networking
byJames Morris
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 
Adding Extended Attribute Support to NFS
byJames Morris
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
byJames Morris
 
Secure and Simple Sandboxing in SELinux
byJames Morris
 

What's hot

PDF
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
byShawn Wells
 
ODP
SELinux Basic Usage
byDmytro Minochkin
 
PDF
Linux Security Scanning with Lynis
byMichael Boelen
 
PPT
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
PPT
Linux Operating System Vulnerabilities
byInformation Technology
 
ODP
Linux Network Security
byAmr Ali
 
PPT
Introduction To SELinux
byRene Cunningham
 
ODP
Introduction To Linux Security
byMichael Boman
 
PPTX
Linux Security Overview
byKernel TLV
 
PPTX
Linux security
bytrilokchandra prakash
 
PPT
Security and Linux Security
byRizky Ariestiyansyah
 
PPT
Unix Security
byreplay21
 
PDF
SELinux basics
byLubomir Rintel
 
PPTX
File System Implementation & Linux Security
byGeo Marian
 
PDF
Futex Scaling for Multi-core Systems
byDavidlohr Bueso
 
PPT
Basic Linux Security
bypankaj009
 
PPT
Linux Security
bynayakslideshare
 
PDF
Linux Security, from Concept to Tooling
byMichael Boelen
 
ODP
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
PDF
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
byThe Linux Foundation
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
byShawn Wells
 
SELinux Basic Usage
byDmytro Minochkin
 
Linux Security Scanning with Lynis
byMichael Boelen
 
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
Linux Operating System Vulnerabilities
byInformation Technology
 
Linux Network Security
byAmr Ali
 
Introduction To SELinux
byRene Cunningham
 
Introduction To Linux Security
byMichael Boman
 
Linux Security Overview
byKernel TLV
 
Linux security
bytrilokchandra prakash
 
Security and Linux Security
byRizky Ariestiyansyah
 
Unix Security
byreplay21
 
SELinux basics
byLubomir Rintel
 
File System Implementation & Linux Security
byGeo Marian
 
Futex Scaling for Multi-core Systems
byDavidlohr Bueso
 
Basic Linux Security
bypankaj009
 
Linux Security
bynayakslideshare
 
Linux Security, from Concept to Tooling
byMichael Boelen
 
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
byThe Linux Foundation
 

Similar to Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS 2008

PDF
SELinux Project Overview - Linux Foundation Japan Symposium 2008
byJames Morris
 
PDF
2008-10-15 Red Hat Deep Dive Sessions: SELinux
byShawn Wells
 
ODP
SELinux for Everyday Users
byPaulWay
 
PDF
2008-01-22 Red Hat (Security) Roadmap Presentation
byShawn Wells
 
PDF
2008 08-12 SELinux: A Key Component in Secure Infrastructures
byShawn Wells
 
PPTX
SELinux_@gnu_group_meetup
byJayant Chutke
 
PPTX
selinuxbasicusage.pptx
byPandiya Rajan
 
PPTX
Selinux
byMohitgupta8560
 
PDF
Selinux
byAnkit Raj
 
PDF
Linux Server Security and Hardering
byvidalinux
 
PPTX
Security Enhanced Linux Overview
byEmre Can Kucukoglu
 
PDF
The SElinux Notebook :the foundations - Vol 1
byEliel Prado
 
PDF
SELinux workshop
byjohseg
 
PPTX
SE Linux
byprimeteacher32
 
PDF
The State of Security Enhanced Linux - FOSS.IN/2007
byJames Morris
 
PDF
2011 NASA Open Source Summit - Brian Stevens
byNASA Open Government Initiative
 
PDF
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
byJames Morris
 
PDF
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
byShawn Wells
 
PDF
SELinux Johannesburg Linux User Group (JoziJUg)
byJumping Bean
 
PDF
Se linux course1
byOWASP (Open Web Application Security Project)
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
byJames Morris
 
2008-10-15 Red Hat Deep Dive Sessions: SELinux
byShawn Wells
 
SELinux for Everyday Users
byPaulWay
 
2008-01-22 Red Hat (Security) Roadmap Presentation
byShawn Wells
 
2008 08-12 SELinux: A Key Component in Secure Infrastructures
byShawn Wells
 
SELinux_@gnu_group_meetup
byJayant Chutke
 
selinuxbasicusage.pptx
byPandiya Rajan
 
Selinux
byMohitgupta8560
 
Selinux
byAnkit Raj
 
Linux Server Security and Hardering
byvidalinux
 
Security Enhanced Linux Overview
byEmre Can Kucukoglu
 
The SElinux Notebook :the foundations - Vol 1
byEliel Prado
 
SELinux workshop
byjohseg
 
SE Linux
byprimeteacher32
 
The State of Security Enhanced Linux - FOSS.IN/2007
byJames Morris
 
2011 NASA Open Source Summit - Brian Stevens
byNASA Open Government Initiative
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
byJames Morris
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
byShawn Wells
 
SELinux Johannesburg Linux User Group (JoziJUg)
byJumping Bean
 
Se linux course1
byOWASP (Open Web Application Security Project)
 

More from James Morris

PDF
SELinux Kernel Internals and Architecture - FOSS.IN/2005
byJames Morris
 
PDF
Kernel Security for 2.8 - Kernel Summit 2004
byJames Morris
 
PDF
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
byJames Morris
 
PDF
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
byJames Morris
 
PDF
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
byJames Morris
 
PDF
sVirt: Hardening Linux Virtualization with Mandatory Access Control
byJames Morris
 
PDF
OLPC Networking Overview
byJames Morris
 
PDF
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
byJames Morris
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
byJames Morris
 
Kernel Security for 2.8 - Kernel Summit 2004
byJames Morris
 
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
byJames Morris
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
byJames Morris
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
byJames Morris
 
sVirt: Hardening Linux Virtualization with Mandatory Access Control
byJames Morris
 
OLPC Networking Overview
byJames Morris
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
byJames Morris
 

Recently uploaded

PPTX
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PPTX
Expanding Your Toolbox: Beginners Guide to Controlling Kubernetes Logs
byEric D. Schabell
 
PPTX
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
PDF
Database Performance at Scale: The TL;DR
byScyllaDB
 
PPTX
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
PDF
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
PDF
MathML Core in WebKit
byIgalia
 
PDF
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
PDF
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
PDF
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
PDF
Getting started with Agent Framework.pdf
byNilesh Gule
 
PDF
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
PDF
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
PDF
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
Expanding Your Toolbox: Beginners Guide to Controlling Kubernetes Logs
byEric D. Schabell
 
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
Database Performance at Scale: The TL;DR
byScyllaDB
 
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
MathML Core in WebKit
byIgalia
 
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
Getting started with Agent Framework.pdf
byNilesh Gule
 
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS 2008

  • 1.
    Have You Drivenan SELinux Lately? An update on the Security Enhanced Linux Project James Morris Red Hat Asia Pacific Pte Ltd Ottawa Linux Symposium 2008
  • 2.
    Project Timeline ● 1980s – 1990s – Academic R&D ● 2000 – 2003 – GPL release, upstream merge ● 2003 – 2005 – Distribution integration ● 2005 – present – Infrastructure and usability improvements
  • 3.
    Infrastructure Work ● Loadable Policy Modules ● Reference Policy ● Policy Booleans ● Libraries ● Toolchain
  • 4.
    User Experience ● Targeted Policy – Initially confined only critical applications – Now re-merged with hundreds of modules ● Targeted behavior selected via the unconfined module ● Setroubleshoot – Inspired by GNOME bug buddy
  • 5.
  • 6.
    System Administration ● audit2why ● semanage ● restorecond ● system-config-selinux
  • 7.
  • 8.
    Policy Development ● Command line tools for quick fixes ● SLIDE ● SEEdit
  • 9.
  • 10.
    Core Enhancements ● Performance and scalability improvements ● Integrated with kernel memory protection ● Netfilter-based network controls ● Labeled Networking ● Better MLS
  • 11.
    Security Evaluation ● RHEL5 Common Criteria certifications – LSPP, RBACPP, CAPP at EAL4+ – IBM, HP and SGI hardware – Community effort – Led to improved audit and other features ● Other Accreditation – US Coast Guard Intelligence case study
  • 12.
    Threat Mitigation “A securityframework originally published by the US National Security Agency has begun to rack up an impressive list of protections against security holes.” – LinuxWorld, Feb 2008 ● SELinux has mitigated several serious security threats to everyday users of Fedora & RHEL. ● Tracked @ Tresys Mitigation News
  • 13.
    SELinux Adoption ● Widely adopted in Fedora – Smolt statistics show majority have SELinux enabled. ● RHEL adoption by military, govt, finance: – Factor in NYSE/Euronext adoption, handling over $140 Billion/day in trades. ● Embedded / consumer electronics: – Reduce risks and costs of vulnerabilities – Simpler systems can have tighter policy
  • 14.
    Kiosk Mode (xguest) ● Anonymous desktop sessions ● Innovative application of several security technologies ● Useful for conferences, training, trade shows, libraries, child-proofing...
  • 15.
    Current Work ● Wider distribution support: – Ubuntu, Debian, Gentoo ● Beyond kernel: – Virtualization (XSM) – Desktop (XACE) – Storage (LNFS) – Applications (Database etc.) ● Beyond Linux: – OpenSolaris FMAC
  • 16.
    Challenges ● Improved usability, as always! ● Documentation ● Keep community growing
  • 17.
    How to Participate ● Install SELinux enabled distribution ● Join mailing lists ● IRC ● Ask questions, report bugs!
  • 18.