
    Domain and Type Enforcement in Linux

    Domain and Type Enforcement (DTE) is a simple and well-known access control system, which has been used at the microkernel level in SPIN, at the kernel level in Unix, and at the user-space library level in CORBA. This work implements DTE as a Linux Security Module and provides tools for the composition and analysis of policies. The goal is to bring Mandatory Access Control in Linux to the level of ease of use of cryptography tools and libraries.

    Tools have been created to edit DTE policies and to query transitions through different privilege levels. A subtle modification of the Bell-LaPadula (BLP) access control model's star property, applied to a DTE policy, results in a relation on types which permits us to concisely express, and therefore verify, goals for that policy. Policy creation is simplified using composition of policy modules, and enhanced by automatic verification that any desirable properties, including the modified BLP relation on types, persist across module application.
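    The abstract describes three pieces of tooling: querying which domains a process can reach through transitions, reading the policy as a BLP-style relation on types to state goals, and re-verifying those goals after composing policy modules. The following is an added example that is not code from the paper or its LSM: a toy model of a DTE policy in Python. The policy shape, the flow relation (type a flows to type b when some domain may read a and write b, the star-property view), and all domain and type names (user_d, daemon_d, secret_t, public_t, the "leaky" module) are assumptions chosen for illustration.

```python
from collections import defaultdict


class DTEPolicy:
    """Toy DTE policy: domains are subject labels, types are object labels.
    access[(domain, type)] holds the modes ('r', 'w', 'x') the domain may use;
    transitions[domain] holds the domains it may enter by exec.
    Assumption: this representation is for illustration, not the LSM's format."""

    def __init__(self):
        self.access = defaultdict(set)
        self.transitions = defaultdict(set)

    def allow(self, domain, type_, modes):
        self.access[(domain, type_)].update(modes)
        return self

    def auto_transition(self, src, dst):
        self.transitions[src].add(dst)
        return self

    def compose(self, module):
        """Policy composition as a union of rights and transitions."""
        merged = DTEPolicy()
        for pol in (self, module):
            for key, modes in pol.access.items():
                merged.access[key].update(modes)
            for src, dsts in pol.transitions.items():
                merged.transitions[src].update(dsts)
        return merged

    def reachable_domains(self, start):
        """Query: which privilege levels can a process starting in `start` reach?"""
        seen, stack = set(), [start]
        while stack:
            d = stack.pop()
            if d not in seen:
                seen.add(d)
                stack.extend(self.transitions[d])
        return seen

    def flow_relation(self):
        """Star-property view of the policy as a relation on types:
        a -> b when some domain may read a and write b, i.e. information
        read from a can be written down into b."""
        reads, writes = defaultdict(set), defaultdict(set)
        for (d, t), modes in self.access.items():
            if "r" in modes:
                reads[d].add(t)
            if "w" in modes:
                writes[d].add(t)
        return {(a, b) for d in list(reads) for a in reads[d] for b in writes[d] if a != b}

    def may_flow(self, src, dst):
        """Transitive closure of flow_relation() starting at src."""
        rel = self.flow_relation()
        seen, stack = set(), [src]
        while stack:
            t = stack.pop()
            if t in seen:
                continue
            seen.add(t)
            for a, b in rel:
                if a == t:
                    if b == dst:
                        return True
                    stack.append(b)
        return False


def violated_goals(policy, goals):
    """goals: iterable of (src_type, dst_type) pairs that must NOT flow."""
    return [(a, b) for a, b in goals if policy.may_flow(a, b)]


def apply_module(base, module, goals):
    """Compose a module onto base and re-verify; returns (merged, violations)."""
    merged = base.compose(module)
    return merged, violated_goals(merged, goals)


# Constructed sample policies; every name below is an assumption.
GOALS = [("secret_t", "public_t")]


def base_policy():
    return (DTEPolicy()
            .allow("user_d", "public_t", "rw")
            .allow("user_d", "daemon_exec_t", "x")
            .auto_transition("user_d", "daemon_d")
            .allow("daemon_d", "secret_t", "r")
            .allow("daemon_d", "log_t", "w"))


def logrotate_module():
    # Harmless: log_t -> archive_t adds no path to public_t.
    return DTEPolicy().allow("logrot_d", "log_t", "r").allow("logrot_d", "archive_t", "w")


def leaky_module():
    # Lets users read logs: secret_t -> log_t -> public_t becomes possible.
    return DTEPolicy().allow("user_d", "log_t", "r")


if __name__ == "__main__":
    base = base_policy()
    print("reachable from user_d:", sorted(base.reachable_domains("user_d")))
    for name, mod in (("logrotate", logrotate_module()), ("leaky", leaky_module())):
        _, bad = apply_module(base, mod, GOALS)
        print(f"module {name}: {'OK' if not bad else 'violates ' + str(bad)}")
```

    The point of re-running violated_goals after every composition is the one the abstract makes: a module that is harmless on its own (read log_t) can close an indirect path that the base policy deliberately left open only as far as log_t, and the relation on types makes that path checkable mechanically rather than by inspecting every rule.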

    Modular Construction of DTE Policies

    Permission is granted for noncommercial reproduction of the work for educational or research purposes

    Leveraging IPsec for Mandatory Per-Packet Access Control

    Mandatory access control (MAC) enforcement is becoming available for commercial environments. For example, Linux 2.6 includes the Linux Security Modules (LSM) framework that enables the enforcement of MAC policies (e.g., Type Enforcement or Multi-Level Security) for individual systems. While this is a start, we envision that MAC enforcement should span multiple machines. The goal is to be able to control interaction between applications on different machines based on MAC policy. In this paper, we describe a recent extension of the LSM framework that enables labeled network communication via IPsec that is now available in mainline Linux as of version 2.6.16. This functionality enables machines to control communication with processes on other machines based on the security label assigned to an IPsec security association. We outline a security architecture based on labeled IPsec to enable distributed MAC authorization. In particular, we examine the construction of a xinetd service that uses labeled IPsec to limit client access on Linux 2.6.16 systems. We also discuss the application of labeled IPsec to distributed storage and virtual machine access control.
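    A service that limits clients by the label of the IPsec security association has to do two things: obtain the peer's security context from the kernel and decide from it. The following is an added example, not the paper's xinetd service: a Python handler that reads the peer context with SO_PEERSEC (the kernel fills it from the SA's label under labeled IPsec), parses it, and refuses anything unlabeled, malformed or of an unexpected type. The numeric SO_PEERSEC value, the allowed type name nfs_client_t and the context strings are assumptions; libselinux's getpeercon() is the portable way to make the same query.

```python
import socket

# Assumption: SO_PEERSEC's numeric value on x86-64 Linux (asm-generic/socket.h).
# Python's socket module does not export it, and some architectures use a
# different number; libselinux's getpeercon() hides this detail.
SO_PEERSEC = 31


def peer_label(conn):
    """Ask the kernel for the peer's security context. With labeled IPsec the
    LSM derives it from the label of the SA the connection arrived on.
    Returns None when no label is available (no LSM, unsupported option),
    so callers fall through to deny."""
    try:
        raw = conn.getsockopt(socket.SOL_SOCKET, SO_PEERSEC, 256)
    except OSError:
        return None
    label = raw.rstrip(b"\0").decode("ascii", "replace")
    return label or None


def parse_context(ctx):
    """Split 'user:role:type[:level]'; None if malformed. maxsplit=3 keeps
    MLS ranges such as 's0:c0.c1023' intact in the level field."""
    parts = ctx.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        return None
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "level": parts[3] if len(parts) == 4 else None}


def authorize(ctx, allowed_types):
    """Deny by default: unlabeled, malformed or unknown peer types are refused."""
    if ctx is None:
        return False
    parsed = parse_context(ctx)
    return parsed is not None and parsed["type"] in allowed_types


def handle(conn, allowed_types):
    """Service body: check the peer label before reading any request.
    Returns the decision so a caller (or a test) can observe it."""
    label = peer_label(conn)
    if not authorize(label, allowed_types):
        conn.sendall(f"refused: peer label {label!r} not permitted\n".encode())
        return False
    conn.sendall(b"ok\n")
    return True


def socketpair_probe(allowed_types={"nfs_client_t"}):
    """Offline demonstration on a local socketpair (constructed input): without an
    LSM the label is None; under SELinux it is this process's own context, which
    is not an allowed client type either way, so the decision is a refusal."""
    a, b = socket.socketpair()
    try:
        label = peer_label(a)
        decision = handle(a, allowed_types)
        reply = b.recv(256).decode()
    finally:
        a.close()
        b.close()
    return label, decision, reply


if __name__ == "__main__":
    # Under xinetd the accepted connection is fd 0, so the real service would
    # call handle(socket.socket(fileno=0), {...}); here we probe a socketpair.
    print(socketpair_probe())
```

    The decision is taken before any application data is read, which is what distinguishes per-packet MAC from an application-level check: an unlabeled peer never gets to speak. Note that SO_PEERSEC only answers for stream sockets; for datagram services the label arrives per packet as ancillary data instead.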