Institutional-Repository, University of Moratuwa.  

Generic selinux rules & policies for secure execution of network services in LINUX


dc.contributor.advisor Fernando S
dc.contributor.advisor Gamage C
dc.contributor.author Fernando MRI
dc.date.accessioned 2018
dc.date.available 2018
dc.date.issued 2018
dc.identifier.uri http://dl.lib.uom.lk/handle/123/16921
dc.description.abstract Usage of network services and network stack-based applications on Linux systems is increasing rapidly, and hackers around the world exploit security flaws, thereby executing sophisticated attacks on these services and compromising the entire system. Applying SELinux policies to a system which serves multiple network services has been a challenge due to policy conflicts. The security administrator overrides these policy conflicts by applying SELinux rules to make the network services operational; however, this might result in loopholes and thereby in information leakage from one or multiple services to another. This results in the compromise of not only the network service being attacked but also other running services in the system, which might lead to the entire trusted computing base being compromised. Deployment of SELinux Multi-Level Security (MLS) mandatory access control is an appropriate model to apply to a system where information flow from various security levels can be segregated down to the level of categorized compartments. However, when running multiple network services on a single SELinux MLS-enabled system, it is necessary to determine the security levels with which to label the subjects and objects of the respective network services, in order to overcome the ambiguity of the security levels in the information flow of a security lattice. Preserving both confidentiality and integrity of a system is a challenge, and it is necessary to find the most secure way of information flow in a security lattice while achieving it using the existing SELinux MLS framework. This research focuses on a number of access control models, security models, lattice-based access control models and a wide range of SELinux security policy implementations.
The goal of this research is to determine the security labels and security levels of the network services intended to run on a SELinux MLS-enabled system while allowing information flow through the security lattice only if required. en_US
dc.language.iso en en_US
dc.subject COMPUTER SCIENCE AND ENGINEERING-Dissertations en_US
dc.subject COMPUTER SCIENCE-Dissertations en_US
dc.subject COMPUTER SECURITY-Multi-Level Security en_US
dc.subject COMPUTER SECURITY-Mandatory Access Control en_US
dc.subject SECURITY ENHANCED LINUX en_US
dc.subject BELL LAPADULA MODEL en_US
dc.title Generic selinux rules & policies for secure execution of network services in LINUX en_US
dc.type Thesis-Abstract en_US
dc.identifier.faculty Engineering en_US
dc.identifier.degree MSc in Computer Science en_US
dc.identifier.department Department of Computer Science & Engineering en_US
dc.date.accept 2018
dc.identifier.accno TH4243 en_US

