Abstract: The SELinux mandatory access control (MAC) policy has recently added a multilevel security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of the SELinux MLS model makes it impractical to manually evaluate that a given policy meets certain specific properties. To address this issue, we have modeled the SELinux MLS model, using a logical specification and implemented that specification in the Prolog language. Furthermore, we hav…
“…• SE Linux has had MLS support since version 2.6.12 [12], [14] and has an active effort to achieve EAL 4+ certification. However, unlike the three commercial products above, SE Linux does not employ a MILS-based (described below) approach to providing MLS capabilities.…”
Section: B. Host (Computation) Platform Concerns
As newer software engineering technologies, such as Service-Oriented Architecture (SOA), become the basis for mission-critical systems, they must include security as a foundational capability. This paper highlights security concepts relevant to using SOA as a foundation for a Common Operating Environment (COE), i.e., a set of infrastructure and common services for developing and executing applications across multiple platforms. We present and motivate security needs, tradeoffs, and solutions in the various layers of a SOA-based COE, including 1) the network, 2) computational platforms, and 3) the common software infrastructure consisting of a SOA stack, common services, and applications. We also discuss cross-cutting aspects of security such as survivability, transparency, flexibility, specificity, reuse, and assurance. We then explore security standards and requirements for mission-critical systems developed on top of a SOA-based COE and security technologies that are candidates for satisfying the requirements. The paper closes with a set of recommendations and steps forward for both research into and implementation of security in a SOA-based COE.
“…is not the unique motivation for the support of MLS in SELinux [1]. Indeed, from a mixed military and industrial point of view, using a classical and well known SELinux system natively supporting MLS should be very valuable if applications could be used 'as it' instead of porting applications coming from 'legacy' EAL evaluated MLS systems [4], [6].…”
Multi-Level Security (MLS) has been widely used in order to implement confidentiality policies inside organizations, especially military ones. More recently, some work has been done on the use of MLS inside Security Enhanced Linux (SELinux) operating systems. The main motivation is to have an MLS open-source system without rewriting applications to work under such an OS. Although the MLS mechanisms have been implemented at the operating system level, that doesn't imply that the system is usable from an end-user point of view. In this paper, we survey the state of the art and technology regarding the support of MLS under SELinux operating systems. Keeping in mind the main objective of MLS (i.e., preventing information flows between users), we experiment in depth with OS-level mechanisms for MLS control and with application compatibility under such controls. We discuss remaining issues and future directions to explore.
“…Unfortunately, few researchers are interested in simplifying policy descriptions for the secure OS, while a lot of work has been proposed to help analyze policy configuration [3,7,12,13,18,23,25].…”
Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers respectively, compared with an existing SELinux policy that includes the initialization of the server.