Security enhanced linux

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Abstract

Security Enhanced Linux or SELinux which is a part of the NSA open source Security Enhanced Linux project. This project deals with setting up of SELinux policies and protecting the system with policies for software creating their domain and securing the system against any fault in the software/0 Day Vulnerability or any attack against the system/Hacking Attempt.

Acknowledgements

I would like to thank my former supervisor Dr. Diane Gan and current supervisor Dr. Alan Soper for all of their support during the implementation of this project and taking time out of their busy schedules.

I would also like to thank Dr. Mariusz Pelc, for his support and immense help in setting-up my experiment are duly acknowledged.

I am very grateful to my parents for their support and all other help throughout this degree and my whole life.

List of Figures

Chapter 1: Introduction

    Security Enhanced Linux is an implementation of a mandatory access control mechanism. SELinux is incorporated in the Linux kernel and is used to check the operations allowed after the standard Linux discretionary access controls are checked. SELinux nowadays comes already installed with Redhat and Fedora Linux and there are separate packages available for some other Linux distribution like Ubuntu, Suse, etc.

    SELinux was originally developed by the NSA and was released for the public at the end of 2000 and open source community adopted it and it is still being developed by them and also by NSA as well.

    SELinux works with defining permissions for how all the processes or subjects will interact with the system including files, ports, devices, other processes, etc. called objects. This Project tells about the practical implementation and setting up of policies of SELinux in a Redhat Enterprise Linux 5 server. The other tested operating systems were Fedora 10, Fedora 11 and Fedora 9. The problem of 0-day vulnerability or system patching system made this module to be incorporated in the Linux Security Modules which is an extension of the Linux kernel which allows security systems to be added easily to the kernel. Redhat Enterprise Linux 5 (RHEL5) 30 day evaluation version will be used for this experiment which include setting up policies for containing FTP service (Subject) in its domain and won't let users even root to access even their home directories unless specified.

Aim & Objectives

Chapter 2: Literature Review

    Operating system security is primary security for every computing system because it the most crucial point of failure in an entire system. Securing a system is necessary but if the applications installed in the system have some weakness then security of the system would be of no use. SELinux acts like an internal firewall in a system.

SELinux is a security module incorporated in the LSM (Linux Security Module) in the kernel of Linux. It was first developed by the NSA and now has been adopted in the open source community and is going continuous development. It is an implementation of flexible and fine-grained mandatory access control architecture called Flux Advanced Security Kernel or FLASK added in the Linux Kernel.

Architecture Concepts

    The large part of the SELinux Architecture is called FLASK, which also was designed by NSA. Mandatory Access Control (MAC) is implemented by the Flask architecture, which mainly focuses on providing an administratively defined security policy which control all the subjects and objects after the decision has been taken by all the security relevant information. The Flask architecture additionally focuses on the model of least privilege which gives the services precisely the rights it needs to execute the given task. Integrating MAC is a very important step in building of a secure operating system. It would considerably improve security of a system and also enable protection from vulnerabilities that infect systems these days [1].

    MAC architecture's needs the capacity to implement an administratively-set security policy on all the objects and subjects in the system on the decisions based on labels containing various information regarding security.

References

  • P.A. Loscocco, P.A. Muckelbauer, S.D. Smalley, R.C. Taylor, J.F. Farrell and S.J. Turner. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. In minutes of the 21st National Information System Security Conference, pages 303-314, October 1998.

Writing Services

Essay Writing
Service

Find out how the very best essay writing service can help you accomplish more and achieve higher marks today.

Assignment Writing Service

From complicated assignments to tricky tasks, our experts can tackle virtually any question thrown at them.

Dissertation Writing Service

A dissertation (also known as a thesis or research project) is probably the most important piece of work for any student! From full dissertations to individual chapters, we’re on hand to support you.

Coursework Writing Service

Our expert qualified writers can help you get your coursework right first time, every time.

Dissertation Proposal Service

The first step to completing a dissertation is to create a proposal that talks about what you wish to do. Our experts can design suitable methodologies - perfect to help you get started with a dissertation.

Report Writing
Service

Reports for any audience. Perfectly structured, professionally written, and tailored to suit your exact requirements.

Essay Skeleton Answer Service

If you’re just looking for some help to get started on an essay, our outline service provides you with a perfect essay plan.

Marking & Proofreading Service

Not sure if your work is hitting the mark? Struggling to get feedback from your lecturer? Our premium marking service was created just for you - get the feedback you deserve now.

Exam Revision
Service

Exams can be one of the most stressful experiences you’ll ever have! Revision is key, and we’re here to help. With custom created revision notes and exam answers, you’ll never feel underprepared again.