Some colleagues and I have been working on SimpleFlow, a simple information-flow-based security module for Linux. Our goal is to investigate the feasibility of implementing such a security model on top of LSM and to produce a prototype which is useful for education and certain computer-security competitions. We have adopted a very simple view of information flow (we do not claim to approach HiStar, etc.).

The system administrator designates some filesystem objects as "confidential" and some programs as "trusted" (both stored using extended attributes). Any process not loaded from a trusted program will become "tainted" upon reading a confidential object. The kernel transfers this taint status from process to process as a result of inter-process communication (i.e., an untainted process reads from a tainted process over an IPC channel). If a tainted process writes to the network, the packet gets its RFC 3514 evil bit set.

All of this seems to sort of work. We do our best to handle the forms of IPC including shared memory. The grand multi-source transformer X11 poses a problem; we presently set X11 as trusted, but we have plans to deal with X11 in X11 as SELinux has attempted.

We tried to avoid making changes to the core kernel. One such change is an additional LSM call in fs/pipe.c. The other is a #define for the RFC 3514 evil bit. For practical reasons, we have so far targeted 3.10.0. We intend to eventually port to a kernel that supports LSM stacking.

We are presently preparing a paper that describes some of the things we have done with SimpleFlow, and we are interested in hearing any feedback on our approach or code. We attached a patch which represents our work so far. We realize this is niche work, and perhaps SimpleFlow itself does not belong in the mainline kernel. However, we would be keen to discuss the concept even with people who are mildly interested.

Thank you,
-- Mike :wq
Attachment:
linux-3.10.0-327.el7-simple-flow.patch.gz
Description: application/gzip
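As an added illustration (not SimpleFlow's code and not part of the attached patch), the taint rules described in the message modelled in plain userspace C: the struct and function names are hypothetical stand-ins for the LSM hooks, and the IPv4 header bytes are constructed.

```c
/* Userspace model of the SimpleFlow taint rules. Hypothetical names; this
 * is not the SimpleFlow patch nor Linux LSM code, only the policy traced. */
#include <stdbool.h>
#include <stdint.h>

/* RFC 3514: the evil bit is the reserved high-order flag bit of the IPv4
 * flags/fragment-offset field, i.e. 0x8000 in that 16-bit field. */
#define IP_EVIL_BIT 0x8000

struct sf_inode { bool confidential; };          /* "confidential" xattr */
struct sf_task  { bool trusted; bool tainted; }; /* trusted set from exec'd program */

/* Stand-in for the file-read hook: an untrusted task becomes tainted when it
 * reads a confidential object. Never denies access, only tracks the flow. */
int sf_file_read(struct sf_task *t, const struct sf_inode *ino)
{
    if (ino->confidential && !t->trusted)
        t->tainted = true;
    return 0;
}

/* Stand-in for the IPC hook (pipe/socket read, shared-memory attach):
 * taint flows from writer to reader unless the reader is trusted. */
int sf_ipc_read(struct sf_task *reader, const struct sf_task *writer)
{
    if (writer->tainted && !reader->trusted)
        reader->tainted = true;
    return 0;
}

/* Stand-in for the network hook: set the evil bit in an IPv4 header
 * (bytes 6-7 hold flags + fragment offset) when the sender is tainted. */
void sf_ip_send(const struct sf_task *t, uint8_t *ipv4_hdr)
{
    if (!t->tainted)
        return;
    uint16_t frag = (uint16_t)((ipv4_hdr[6] << 8) | ipv4_hdr[7]);
    frag |= IP_EVIL_BIT;
    ipv4_hdr[6] = (uint8_t)(frag >> 8);
    ipv4_hdr[7] = (uint8_t)(frag & 0xff);
}

/* Scenario: an untrusted editor reads a confidential file and pipes to a
 * filter, which then sends a packet. Returns true if the evil bit was set. */
bool sf_scenario(bool filter_trusted)
{
    struct sf_inode secret = { .confidential = true };
    struct sf_task editor = { .trusted = false, .tainted = false };
    struct sf_task filter = { .trusted = filter_trusted, .tainted = false };
    uint8_t hdr[20] = { 0x45, 0, 0, 20, 0x12, 0x34, 0x40, 0x00 }; /* constructed, DF set */
    sf_file_read(&editor, &secret);
    sf_ipc_read(&filter, &editor);
    sf_ip_send(&filter, hdr);
    return (hdr[6] & 0x80) != 0;
}
```

With an untrusted filter the taint reaches the packet; a trusted filter breaks the chain, which is exactly the role the message assigns to trusted programs such as X11.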
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies