DocumentCode :
3227451
Title :
SELinux in and out
Author :
Khan, Kashif Ahmad ; Amin, Muhammad ; Afridi, Abbas Khan ; Shehzad, Waqas
Author_Institution :
Dept. of CS, NUCES, Peshawar, Pakistan
fYear :
2011
fDate :
27-29 May 2011
Firstpage :
339
Lastpage :
343
Abstract :
Security Enhanced Linux (SELinux) is a widely used Mandatory Access Control system which is integrated in the Linux kernel. It is an added layer of security on top of the standard Discretionary Access Control (DAC) system that Unix/Linux and other major operating systems have. SELinux does not nullify DAC but in fact supports it, and its checks are performed after DAC's. If DAC allows an operation, then SELinux checks that operation by comparing it with the set of specified rules that it has and decides based on those rules only. If DAC denies some access, then SELinux checks are not performed. Because DAC allows users to have full control over files that they own, they could, at their own discretion, set unwanted permissions on those files, which could prove dangerous. For this reason SELinux brings the Mandatory Access Control (MAC) mechanism, which enforces rules based on a specified policy and denies access operations if the policy in use does not allow them, even if the file permissions were world-accessible under DAC. In this paper we discuss various SELinux policies and provide a statistical comparison using the standard Delphi method.
Keywords :
Linux; authorisation; Unix; file permissions; mandatory access control system; operating systems; security enhanced Linux; security mechanism; standard Delphi method; standard discretionary access control system; Organizations; Security; Usability; Access Controls; MAC; SELinux;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-1-61284-485-5
Type :
conf
DOI :
10.1109/ICCSN.2011.6014064
Filename :
6014064