Towards Making SELinux Smart
Author
Abstract
This paper describes an intelligent, active, real-time, risk adaptable access control (RAdAC) system designed to extend the benefits of the National Security Agency's Security-Enhanced Linux (NSA's SELinux) by using SELinux not only as a secure base, but also as a source of input features to a Support Vector Machine (SVM) that will classify events/attacks in several categories. By enhancing SELinux with intelligence, it is hoped that the design will lead to real-time, non-signature based defensive systems capable of detecting and taking action against hostile users in the earliest stages of an attack.
Similar sources
Towards Intuitive Tools for Managing SELinux: Hiding the Details but Retaining the Power
The details of the SELinux access control mechanisms lead to the perception that SELinux is too complex for non-expert users to manage. We present techniques that bridge the gap between the comprehensive, low-level SELinux access controls and the intuitive, high-level abstractions familiar to system administrators. These techniques shield the user from SELinux implementation details without sac...
Analyzing Integrity Protection in the SELinux Example Policy
In this paper, we present an approach for analyzing the integrity protection in the SELinux example policy. The SELinux example policy is intended as an example from which administrators customize to create a policy for their site’s security goals, but the complexity of the model and size of the policy make this quite complex. Our aim is to provide an access control model to express site securi...
SELinux and MLS: Putting the Pieces Together
Multi-Level Security (MLS) has been implemented on many different operating systems. We will discuss the reasons and motivations behind the improvements to the MLS model in SELinux that were accepted into the 2.6.12 Linux Kernel. An introduction to SELinux MLS representation, policy creation, and integration is provided to help further the adoption and use of this technology.
SELinux Protected Paths Revisited
We revisit the notion of achieving a protected communication path for applications connected via the Internet using SELinux. Last year, we discussed the mechanism for integrating IPsec with SELinux security labels, but we did not consider the system goals for using such labels. Toward this end, we revisit early SELinux proposals for what is called a protected path. A protected path is a secure ...
Classification of Malicious Distributed SELinux Activities
This paper deals with the classification of malicious activities occurring on a network of SELinux hosts. SELinux system logs come from a high interaction distributed honeypot. An architecture is proposed to compute those events in order to assemble system sessions, such as malicious ones. Afterwards, recognition mechanisms are proposed to classify those activities. The paper presents the class...