An Introduction to MAC, RBAC and LSM to better understanding the theory behind hardening tools such SELinux, GrSecurity and more.

1. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
An Introduction to MAC, RBAC and LSM
The theory behind hardening tools

2. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Before we start…
• each system has its own security requirements
• each system has different overriding security
requirements
• sometimes you need to combine multiple solutions
• showed approaches are build into the system

3. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Information
Main security requirements
Confidentiality
Availability
Integrity

4. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Keywords
• roles
• subjects
• objects
• policy
• policy defines behaviour of roles / subjects / objects
as higher abstraction of users
as abstraction of executables
as abstraction of system resources
as a set of rules (usually system-wide)

5. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Available options
• DAC, Discretionary Access Control
• MAC, Mandatory Access Control
• RBAC, Role-Based Access Control
* DAC and MAC are mutually exclusive. RBAC can coexist with others.

6. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Discretionary Access Control
• focuses on availability
• user in control
• user can forward privileges
• user can revoke permissions
• can’t be used in hardening tools!

7. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Mandatory Access Control
• focuses on confidentiality
• acts system-wide
• by design: 1 trusted admin, no roles
• controls access to objects
• subjects can’t change the policy
• neither users at lower level can do

8. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Role-Based Access Control
• focuses on integrity
• needs authentication
• each role access only data who is allowed to (default is deny)
• not mandatory by design
• can coexist with MAC if the hierarchy is a tree
• policy tied to roles, roles tied to users
• usually implemented via ACL

9. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Hooking the kernel: LSM
• a framework embedded in the Linux kernel
• designed not to degrade system performance
• hardening tools via modules
• system resources have hooks
• hooks -> pointers to module functions (low-level API, kind of)
• table of (dummy) functions called security_ops
• dummy functions replaced at boot time with (e.g.) SELinux ones

10. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Hooking the kernel: LSM
Resource request
Sys call
DAC check
LSM hook
complete request
LSM module
engine
SELinux*
kernel space
user space
* as an example

11. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
LSM hooks
• hooks are divided into categories
• task hooks
• program loading hooks
• IPC hooks
• filesystem hooks
• network hooks
• and more…

12. Hardening Two June 13, 2016 Francesco Pira (fpira.com)
Questions?
Thank you!