Generic selinux rules & policies for secure execution of network services in LINUX

dc.contributor.advisor: Fernando S
dc.contributor.advisor: Gamage C
dc.contributor.author: Fernando MRI
dc.date.accept: 2018
dc.date.accessioned: 2018
dc.date.available: 2018
dc.date.issued: 2018
dc.description.abstract: Usage of network services and network stack-based applications on Linux systems is increasing rapidly, and hackers around the world exploit security flaws, thereby executing sophisticated attacks on these services and compromising the entire system. Applying SELinux policies to a system that serves multiple network services has been a challenge due to policy conflicts. The security administrator overrides these policy conflicts by applying SELinux rules that make the network services operational; however, this might result in loopholes and thereby in information leakage from one or more services to another. This results in the compromise of not only the network service being attacked but also other services running on the system, which might lead to the entire trusted computing base being compromised. Deploying SELinux Multi-Level Security (MLS) mandatory access control is an appropriate model for such a system, because it lets us segregate information flow from various security levels, even down to the level of categorized compartments. However, when running multiple network services on a single SELinux MLS-enabled system, it is necessary to determine the security levels with which to label the subjects and objects of the respective network services, in order to overcome the ambiguity of the security levels in the information flow of a security lattice. Preserving both the confidentiality and the integrity of a system is a challenge, and it is necessary to find the most secure way for information to flow in a security lattice while achieving this with the existing SELinux MLS framework. This research focuses on a number of access control models, security models, lattice-based access control models and a wide range of SELinux security policy implementations.
The goal of this research is to determine the security labels and security levels of the network services intended to run on an SELinux MLS-enabled system while allowing information flow through the security lattice only if required. [en_US]
dc.identifier.accno: TH4243 [en_US]
dc.identifier.degree: MSc in Computer Science [en_US]
dc.identifier.department: Department of Computer Science & Engineering [en_US]
dc.identifier.faculty: Engineering [en_US]
dc.identifier.uri: http://dl.lib.uom.lk/handle/123/16921
dc.language.iso: en [en_US]
dc.subject: COMPUTER SCIENCE AND ENGINEERING-Dissertations [en_US]
dc.subject: COMPUTER SCIENCE-Dissertations [en_US]
dc.subject: COMPUTER SECURITY-Multi-Level Security [en_US]
dc.subject: COMPUTER SECURITY-Mandatory Access Control [en_US]
dc.subject: SECURITY ENHANCED LINUX [en_US]
dc.subject: BELL LAPADULA MODEL [en_US]
dc.title: Generic selinux rules & policies for secure execution of network services in LINUX [en_US]
dc.type: Thesis-Full-text [en_US]

Files

Original bundle

Name: TH4243-1.pdf
Size: 2.26 MB
Format: Adobe Portable Document Format
Description: Pre-text

Name: TH4243-2.pdf
Size: 734.38 KB
Format: Adobe Portable Document Format
Description: Post-text

Name: TH4243.pdf
Size: 20.79 MB
Format: Adobe Portable Document Format
Description: Full-thesis