dc.contributor.advisor |
Fernando S |
|
dc.contributor.advisor |
Gamage C |
|
dc.contributor.author |
Fernando MRI |
|
dc.date.accessioned |
2018 |
|
dc.date.available |
2018 |
|
dc.date.issued |
2018 |
|
dc.identifier.uri |
http://dl.lib.uom.lk/handle/123/16921 |
|
dc.description.abstract |
Usage of Network services and network stack-based applications on Linux systems
are increasing rapidly, hackers around the world exploit security flaws there by
executing sophisticated attacks on these services and compromising the entire system.
Applying SELinux policies to a system which serves multiple network services has
been a challenge due to policy conflicts. These policy conflicts are overridden by the
security administrator there by applying SELinux rules to make the network services
operational, however this might result in loop holes thereby information leakage from
one or multiple services to another. This results in compromisal of not only the
network service being attacked but other running services in the system which might
lead to the entire trusted computing base being compromised. Deployment of SELinux
Multi Level Security mandatory access control is an appropriate model to be applied
over a system where we can segregate information flow from various security levels
into the level of even categorized compartments. However, when running multiple
network services over a single SELinux MLS enabled system, it is required to
determine the security levels to be labelled over the subjects and the objects of the
respective network services to overcome the ambiguity of the security levels in the
information flow of a security lattice. Preserving both confidentiality and integrity of
a system is a challenge and it is required to find the most secure way of information
flow in a security lattice while achieving it using the existing SELinux MLS
framework. This research focuses on a number of access control models, security
models, lattice-based access control models and a wide range of SELinux security
policy implementations. The goal of this research is to determine the security labels
and security levels of the network services intended to run on a SELinux MLS enabled
system while allowing information flow through the security lattice only if required. |
en_US |
dc.language.iso |
en |
en_US |
dc.subject |
COMPUTER SCIENCE AND ENGINEERING-Dissertations |
en_US |
dc.subject |
COMPUTER SCIENCE-Dissertations |
en_US |
dc.subject |
COMPUTER SECURITY-Multi-Level Security |
en_US |
dc.subject |
COMPUTER SECURITY-Mandatory Access Control |
en_US |
dc.subject |
SECURITY ENHANCED LINUX |
en_US |
dc.subject |
BELL LAPADULA MODEL |
en_US |
dc.title |
Generic selinux rules & policies for secure execution of network services in LINUX |
en_US |
dc.type |
Thesis-Full-text |
en_US |
dc.identifier.faculty |
Engineering |
en_US |
dc.identifier.degree |
MSc in Computer Science |
en_US |
dc.identifier.department |
Department of Computer Science & Engineering |
en_US |
dc.date.accept |
2018 |
|
dc.identifier.accno |
TH4243 |
en_US |