Comparison of supplementary Linux kernel security solutions
Németh Tamás
Nyugat-magyarországi Egyetem
According to the classic security model of UNIX kernels, subjects (processes) running with the root privilege (i.e. using UID 0) are allowed to carry out every possible action on every system object (i.e. files, hardware, network and other resources), while ordinary subjects are allowed to carry out only a subset of these actions. This mere two-level security model was originally refined only by grouping the processes/users (GID), and by the well-known rwxrwxrwx bitmaps on files. This security model became more and more fine-grained with the addition of some auxiliary mechanisms, like the setuid, setgid and sticky bits; the decomposition of the root privilege into so-called capabilities; filesystem ACLs; etc. Editing the policy of this extended UNIX security model is partly left to the users' discretion, therefore it is called a discretionary access control (DAC) system, as opposed to the Mandatory Access Control (MAC) systems introduced in this presentation, in which the security policy is under the control of a special administrative role.
I will introduce four prevalent MAC systems in the presentation: SELinux, originally developed by the NSA; RSBAC, the one-person project of Amon Ott; AppArmor, which was originally developed by Immunix, then Novell, and currently by Canonical, the developer of Ubuntu Linux; and finally Grsecurity, which is developed mainly by Brad Spengler. I compare these solutions by several aspects, like the philosophy behind their security models; their complexity or user-friendliness; the method of creating their security policy; the way of loading their policies into the kernel; their additional security solutions; the steps of integrating them into the operating system; the possibilities of solving a given practical problem; etc.