Abstract:
Usage of network services and network stack-based applications on Linux systems
is increasing rapidly, and hackers around the world exploit security flaws in them,
thereby executing sophisticated attacks on these services and compromising the entire
system.
Applying SELinux policies to a system which serves multiple network services has
been a challenge due to policy conflicts. The security administrator overrides these
policy conflicts by applying SELinux rules that make the network services
operational; however, this might result in loopholes and thereby in information
leakage from one or multiple services to another. This results in the compromise of
not only the network service being attacked but also other running services in the
system, which might lead to the entire trusted computing base being compromised.
Deployment of SELinux
Multi-Level Security (MLS) mandatory access control is an appropriate model to apply
to a system where we can segregate information flow between various security levels,
even down to the level of categorized compartments. However, when running multiple
network services on a single SELinux MLS-enabled system, it is necessary to
determine the security levels with which to label the subjects and the objects of the
respective network services, in order to overcome the ambiguity of the security levels
in the information flow of a security lattice. Preserving both the confidentiality and
the integrity of a system is a challenge, and it is necessary to find the most secure
way of information flow in a security lattice while achieving it using the existing
SELinux MLS framework. This research focuses on a number of access control models,
security models, lattice-based access control models and a wide range of SELinux
security policy implementations. The goal of this research is to determine the
security labels and security levels of the network services intended to run on an
SELinux MLS-enabled system while allowing information flow through the security
lattice only if required.