![Page 1: Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats](https://reader034.vdocuments.net/reader034/viewer/2022042714/55614f4ed8b42a780d8b4d94/html5/thumbnails/1.jpg)
Linux Kernel Security
Adapting 1960s Technology to Meet 21st Century Threats
James Morris, Red Hat
LinuxCon Boston 2010
History
Fig. 1
“The first fact to face is that UNIX was not developed with security, in any realistic
sense, in mind; this fact alone guarantees a vast number of holes.”
Dennis Ritchie, “On the Security of UNIX”, 1979
Unix DAC
Fig. 2
DAC is “simple” and somewhat effective, but inadequate for modern environments:
Does not protect against flawed or malicious code, since a compromised program runs with the full rights of the user who launched it
(Actually, DAC is not simple)
Fig. 3
“It must be recognized that the mere notion of a super-user is a theoretical, and usually practical,
blemish on any protection scheme.”
(also from Ritchie 1979)
Enhanced DAC
Fig. 4
POSIX Capabilities (privileges)
Access Control Lists (ACLs)
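As an added example that is not part of these slides: the capability half of "enhanced DAC" in working code. The program inspects the calling process's effective capability set through /proc/self/status and then drops every capability with the raw capget/capset syscalls (no libcap link needed). Lowering the permitted set never requires privilege, so this runs as any user; the forked child and its exit-code convention are this example's own plumbing.

```c
/* Added example, not from the slides: inspect the calling process's effective
 * POSIX capabilities and drop every capability using the raw capset syscall,
 * so no libcap is needed. The exit-code convention of the child process is
 * this example's own. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/capability.h>

/* Read the CapEff line of /proc/self/status and return it as a bit mask
 * (bit n set = capability n in the effective set). UINT64_MAX on error. */
uint64_t cap_effective_mask(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    uint64_t mask = UINT64_MAX;

    if (!f)
        return mask;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            mask = strtoull(line + 7, NULL, 16);
            break;
        }
    }
    fclose(f);
    return mask;
}

/* Clear the permitted, effective and inheritable sets of the calling
 * process. Lowering the sets never needs privilege, so this works for any
 * user; it cannot raise anything. Returns 0 on success, -1 with errno set. */
int drop_all_capabilities(void)
{
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3,
        .pid = 0,                     /* 0 = the calling thread */
    };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(data, 0, sizeof data);     /* all-zero sets = nothing left */
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Fork, drop everything in the child, and have the child report what it
 * sees afterwards: 0 if CapEff is empty, 1 if not, -1 if capset failed. */
int drop_caps_in_child(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_all_capabilities() != 0)
            _exit(2);
        _exit(cap_effective_mask() == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("CapEff before: %016llx\n", (unsigned long long)cap_effective_mask());
    printf("child after capset(all zero): %s\n",
           drop_caps_in_child() == 0 ? "CapEff empty" : "still non-empty");
    return 0;
}
```

A daemon started as root would do this (keeping only the bits it needs, e.g. CAP_NET_BIND_SERVICE) after its privileged setup, so that a later flaw in the service does not hand an attacker the whole of root. Note that this touches only the process's own permitted/effective/inheritable sets; shrinking the bounding set is a separate operation (prctl(PR_CAPBSET_DROP)) that requires CAP_SETPCAP.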
Namespaces
Fig. 5
Network Access Control
Netfilter
iptables
ebtables
Fig. 6
Cryptography
Fig. 7
Disk Encryption:
dm-crypt
ecryptfs
Network Encryption:
IPsec
System Hardening
ASLR
NX
GCC
/dev/mem
Kernel pointers
Fig. 8
The Inevitability of Failure
The Flawed Assumption of Security in Modern Computing Environments
Fig. 9
Mandatory security
Trusted / protected path
Assurance
Linux Security Modules
(Diagram: a READ request passes through an LSM hook, which calls into the loaded LSM module)
SELinux
Generalized MAC
Very fine-grained
Policy-flexible
Simplified Mandatory Access Control Kernel (SMACK)
Simple label-based MAC
Policy is written as triples:
subject object [-rwxa]
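As an added example that is not part of these slides: a small evaluator for Smack rule triples of the form "subject object access", where access is a subset of "rwxa" and "-" means no access. It parses a constructed rule set and answers access questions the way the kernel's Smack documentation describes: the built-in label rules ("*", "^", "_" and same-label access) are checked first, and only then an explicitly loaded triple. The sample policy, the comment-line convention and the function names are this example's own, not kernel code.

```c
/* Added example, not from the slides: an evaluator for Smack rule triples of
 * the form "subject object access", where access is a subset of "rwxa"
 * ("-" means no access). The sample rule set below is constructed for this
 * example; the built-in label rules follow the kernel's Smack documentation. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define SMACK_MAX_RULES 64
#define SMACK_LABEL_LEN 24

struct smack_rule {
    char subject[SMACK_LABEL_LEN];
    char object[SMACK_LABEL_LEN];
    char access[8];
};

static struct smack_rule rules[SMACK_MAX_RULES];
static int nrules;

/* Constructed sample policy: a web front end may read/write the database and
 * append to the log; a batch job may only read the database. */
const char *SMACK_SAMPLE_RULES =
    "# subject object access\n"
    "Web   Db   rw\n"
    "Web   Log  wa\n"
    "Batch Db   r\n";

/* Find the loaded rule for a subject/object pair, or NULL. */
static struct smack_rule *smack_find(const char *subject, const char *object)
{
    for (int i = 0; i < nrules; i++)
        if (strcmp(rules[i].subject, subject) == 0 &&
            strcmp(rules[i].object, object) == 0)
            return &rules[i];
    return NULL;
}

/* Load rules, one triple per line; blank lines and '#' comments are skipped
 * (a convenience of this example; the kernel interface takes one triple at a
 * time). A later triple for the same pair replaces the earlier one, as it
 * does in the kernel. Returns the rule count, or -1 on a malformed line. */
int smack_load_rules(const char *text)
{
    const char *p = text;
    nrules = 0;
    while (*p) {
        char line[256];
        struct smack_rule r, *old;
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line)
            return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += len + (nl ? 1 : 0);

        const char *s = line;
        while (isspace((unsigned char)*s))
            s++;
        if (*s == '\0' || *s == '#')
            continue;
        if (sscanf(s, "%23s %23s %7s", r.subject, r.object, r.access) != 3)
            return -1;
        if (strspn(r.access, "rwxa-") != strlen(r.access))
            return -1;                      /* unknown access letter */
        old = smack_find(r.subject, r.object);
        if (old)
            *old = r;
        else if (nrules < SMACK_MAX_RULES)
            rules[nrules++] = r;
        else
            return -1;
    }
    return nrules;
}

/* Return 1 if every mode letter in `want` is granted to subject on object. */
int smack_check(const char *subject, const char *object, const char *want)
{
    const struct smack_rule *r;
    int read_only = strspn(want, "rx") == strlen(want);

    /* Built-in rules, checked before the loaded rule set. */
    if (strcmp(subject, "*") == 0)               /* "*" subject: never allowed  */
        return 0;
    if (strcmp(object, "*") == 0)                /* "*" object: always allowed  */
        return 1;
    if (strcmp(subject, object) == 0)            /* same label: allowed         */
        return 1;
    if (read_only && strcmp(subject, "^") == 0)  /* "^" (hat) reads anything    */
        return 1;
    if (read_only && strcmp(object, "_") == 0)   /* "_" (floor) readable by all */
        return 1;

    /* Otherwise only an explicitly loaded rule can grant access. */
    r = smack_find(subject, object);
    for (; *want; want++)
        if (!r || !strchr(r->access, *want))
            return 0;
    return 1;
}

int main(void)
{
    if (smack_load_rules(SMACK_SAMPLE_RULES) < 0)
        return 1;
    printf("Web   -> Db  rw : %d\n", smack_check("Web", "Db", "rw"));
    printf("Batch -> Db  w  : %d\n", smack_check("Batch", "Db", "w"));
    printf("Any   -> _   rx : %d\n", smack_check("Any", "_", "rx"));
    return 0;
}
```

On a real system the same triples are loaded by writing them to smackfs (the load file); the example only models the decision so you can see that labels outside the rule set get nothing beyond the built-in rules, which is what makes the scheme mandatory rather than discretionary.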
TOMOYO
Path-based MAC scheme
Automatic real-time policy generation
Policy applied to trees of process invocation
AppArmor
Pathname access control scheme
Security usability via familiar abstractions
Extending MAC
Netlabel
Secmark
NFSv4
sVirt
Audit
Required for certification
Monitor syscall, LSM & misc. security events
Actually quite useful
Integrity & Platform Security
TPM
IMA / EVM
TXT
VT-d
Anti Malware
Best done in userland
... but kernel support for file scanning is still desired:
fsnotify
fanotify
Seccomp
Extremely lightweight sandboxing
Reduces attack surface
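As an added example that is not part of these slides: mode-1 ("strict") seccomp, which is the form the slide refers to (the BPF filter mode arrived later, in Linux 3.5). A forked child enters strict mode and may then use only read, write, exit and sigreturn; any other syscall gets it SIGKILLed, which is exactly how the attack surface shrinks. The fork/pipe plumbing and the result codes are this example's own.

```c
/* Added example, not from the slides: mode-1 ("strict") seccomp. A forked
 * child enters strict mode and may then use only read, write, exit and
 * sigreturn; any other syscall gets it SIGKILLed. The fork/pipe/result-code
 * plumbing is this example's own. */
#define _GNU_SOURCE
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_MODE_STRICT
#define SECCOMP_MODE_STRICT 1      /* fallback for very old kernel headers */
#endif

enum sandbox_result {
    SANDBOX_UNAVAILABLE = -1,  /* prctl refused strict mode, e.g. a seccomp filter is already active */
    SANDBOX_EXITED = 0,        /* child stayed within the allowed syscalls and exited 0 */
    SANDBOX_KILLED = 9,        /* child made a forbidden syscall and was SIGKILLed */
};

/* Run a child under strict seccomp. With misbehave == 0 the child uses only
 * permitted syscalls; with misbehave != 0 it also calls getpid(). */
int run_strict_sandbox(int misbehave)
{
    int pfd[2], status;
    char buf[16];
    ssize_t n;
    pid_t pid;

    if (pipe(pfd) < 0 || (pid = fork()) < 0)
        return SANDBOX_UNAVAILABLE;

    if (pid == 0) {
        close(pfd[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            syscall(SYS_exit, 2);                 /* tell the parent: not available */

        /* From here on only read, write, exit and sigreturn are allowed. */
        syscall(SYS_write, pfd[1], "sandboxed\n", 10);
        if (misbehave)
            syscall(SYS_getpid);                  /* not on the list: SIGKILL */

        /* Caveat: glibc's _exit() uses exit_group, which strict mode does NOT
         * allow, so a sandboxed program must use the plain exit syscall. */
        syscall(SYS_exit, 0);
    }

    close(pfd[1]);
    n = read(pfd[0], buf, sizeof buf);            /* "sandboxed\n", or EOF if killed early */
    (void)n;
    close(pfd[0]);
    if (waitpid(pid, &status, 0) < 0)
        return SANDBOX_UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return SANDBOX_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return SANDBOX_EXITED;
    return SANDBOX_UNAVAILABLE;
}

int main(void)
{
    printf("well-behaved child: %d (0 = exited normally)\n", run_strict_sandbox(0));
    printf("misbehaving child:  %d (9 = killed by seccomp)\n", run_strict_sandbox(1));
    return 0;
}
```

The design point is that the sandboxed code must be written for this mode: it receives its input and sends its output over file descriptors opened beforehand, and it must avoid libc calls that hide extra syscalls (exit_group, brk from malloc, and so on). That is what makes strict mode both extremely lightweight and rarely usable for existing programs; the later filter mode trades some of that simplicity for a per-syscall policy.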
Current Status
Meets extremely wide range of security goals
Security features now mainstream
Better equipped to address modern threats
Ongoing Challenges
Continued refinement & hardening
Multiple security models hindering adoption
Threats will continue to evolve
How to Help
Enable features
Report problems
Share knowledge
Fig. 10
Resources
Linux Kernel Security Wiki
LSM Mailing List
LWN Security page
Questions ?
Useful URLs
Kernel Security Wiki: http://security.wiki.kernel.org/
LSM Mailing List: http://vger.kernel.org/vger-lists.html#linux-security-module
LWN Security Page: http://lwn.net/Security/
“The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments”: http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf
LSM Usenix Paper: http://www.usenix.org/event/sec02/wright.html
Kernel Memory Protection: http://lwn.net/Articles/329787/
Linux Security Model Comparison: http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison
Useful URLs ...
SELinux: http://selinuxproject.org/
“Have You Driven an SELinux Lately?” (OLS paper on current state): http://namei.org/ols-2008-selinux-paper.pdf
“Anatomy of Fedora Kiosk Mode”: http://namei.org/presentations/fedora-kiosk-mode-foss-my-2008.pdf
“SELinux Memory Protection Tests”: http://people.redhat.com/drepper/selinux-mem.html
“A seatbelt for server software: SELinux blocks real-world exploits”: http://www.linuxworld.com/news/2008/022408-selinux.html
SMACK: http://schaufler-ca.com/
AppArmor: http://en.opensuse.org/Apparmor
TOMOYO: http://tomoyo.sourceforge.jp/
“POSIX file capabilities: Parceling the power of root”: http://www.ibm.com/developerworks/library/l-posixcap.html
“POSIX Access Control Lists on Linux”: http://www.suse.de/~agruen/acl/linux-acls/online/
Useful URLs ...
“Implementing Native NFSv4 ACLs in Linux”: http://lca2009.linux.org.au/slides/79.tar.gz
“Applying mount namespaces”: http://www.ibm.com/developerworks/linux/library/l-mount-namespaces.html
“Disk encryption in Fedora: Past, present and future”: http://is.gd/16012
“Limiting buffer overflows with ExecShield” (2005): http://www.redhat.com/magazine/009jul05/features/execshield/
“Linux Kernel Heap Tampering Detection”: http://phrack.org/issues.html?issue=66&id=15#article
“System integrity in Linux”: http://lwn.net/Articles/309441/
“Linux kernel integrity measurement using contextual inspection” (LKIM): http://portal.acm.org/citation.cfm?id=1314354.1314362
Intel TXT Site: http://www.intel.com/technology/security/
IBM TCPA Resources: http://www.research.ibm.com/gsal/tcpa/tcpa_rebuttal.pdf
Invisible Things Labs: http://theinvisiblethings.blogspot.com/
Image Credits
1. Bell Labs
2. Duke University Ad*Access
3. Hao Chen, David Wagner, and Drew Dean.
4. “nofeel” (flickr)
5. Unknown
6. Ian Lloyd (flickr)
7. James Morris
8. Steve Jurvetson (flickr)
9. Michael Scott (flickr)
10. Alfred T Palmer (LoC)