On Tue, Apr 19, 2016 at 10:48:30PM -0400, W. Michael Petullo wrote:
> Some colleagues and I have been working on SimpleFlow, a simple
> information-flow-based security module for Linux. Our goal is to
> investigate the feasibility of implementing such a security model on
> top of LSM and to produce a prototype which is useful for education and
> certain computer-security competitions.
>
> We have adopted a very simple view of information flow (we do not claim
> to approach HiStar, etc.). The system administrator designates some
> filesystem objects as "confidential" and some programs as "trusted"
> (both stored using extended attributes). Any process not loaded from
> a trusted program will become "tainted" upon reading a confidential
> object. The kernel transfers this taint status from process to process
> as a result of inter-process communication (i.e., an untainted process
> reads from a tainted process over an IPC channel). If a tainted process
> writes to the network, the packet gets its RFC 3514 evil bit set.
>
> All of this seems to sort of work. We do our best to handle the forms
> of IPC including shared memory. The grand multi-source transformer X11
> poses a problem; we presently set X11 as trusted, but we have plans to
> deal with X11 in X11 as SELinux has attempted.
>
> We tried to avoid making changes to the core kernel. One such change is
> an additional LSM call in fs/pipe.c. The other is a #define for the RFC
> 3514 evil bit.
>
> For practical reasons, we have so far targeted 3.10.0. We intend to
> eventually port to a kernel that supports LSM stacking.

3.10.0 is almost 3 years old and very obsolete; please use a much newer
kernel, as lots of stuff has changed in the vfs that you will have to deal
with eventually.

> We are presently preparing a paper that describes some of the things we
> have done with SimpleFlow, and we are interested in hearing any feedback
> on our approach or code. We attached a patch which represents our work
> so far.
>
> We realize this is niche work, and perhaps SimpleFlow itself does
> not belong in the mainline kernel. However, we would be keen to discuss
> the concept even with people who are mildly interested.

Try posting this to the linux-security list; they would be interested.

thanks,

greg k-h
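The taint rules the quoted mail describes (confidential objects, trusted programs, taint crossing IPC, and the evil bit on outbound packets), as an added user-space model that is not the SimpleFlow patch or any kernel code; struct and function names are assumed, and it also assumes that a trusted reader stays untainted over IPC, which the mail only states for file reads:

```c
#include <stdbool.h>
#include <stdint.h>

/* Labels stand in for the xattrs the mail describes; names are assumed. */
struct sf_file { const char *name; bool confidential; };
struct sf_proc { const char *name; bool trusted; bool tainted; };

/* RFC 3514 evil bit: reserved high-order bit of the IPv4 flags field (byte 6). */
#define IPV4_FLAGS_OFF 6
#define IP_EVIL_BIT    0x80

/* Read hook: a confidential object taints any process that was not
 * loaded from a trusted program. */
void sf_read_file(struct sf_proc *p, const struct sf_file *f) {
    if (f->confidential && !p->trusted)
        p->tainted = true;
}

/* IPC hook (pipe, socketpair, shared memory): taint flows from writer to
 * reader. Assumption: trusted readers act as declassifiers (the mail's
 * X11 case) and stay untainted. */
void sf_ipc_read(struct sf_proc *reader, const struct sf_proc *writer) {
    if (writer->tainted && !reader->trusted)
        reader->tainted = true;
}

/* Network send: a tainted sender gets the evil bit set in its IPv4
 * header. Returns the resulting flags byte so callers can check it. */
uint8_t sf_send_packet(const struct sf_proc *p, uint8_t hdr[20]) {
    if (p->tainted)
        hdr[IPV4_FLAGS_OFF] |= IP_EVIL_BIT;
    return hdr[IPV4_FLAGS_OFF];
}

/* Constructed scenario: an untrusted reader opens a confidential file and
 * pipes it to an untrusted network client, while a trusted backup tool reads
 * the same file. Returns 1 when the packet is marked and backup stays clean. */
int sf_demo(void) {
    struct sf_file secret = { "/srv/secret.txt", true };
    struct sf_proc cat = { "cat", false, false };
    struct sf_proc nc = { "nc", false, false };
    struct sf_proc backup = { "backup", true, false };
    /* Minimal IPv4 header; flags byte 0x40 = DF set, evil bit clear. */
    uint8_t hdr[20] = { 0x45, 0x00, 0x00, 0x28, 0x12, 0x34, 0x40, 0x00 };
    sf_read_file(&cat, &secret);    /* cat becomes tainted */
    sf_ipc_read(&nc, &cat);         /* taint crosses the pipe */
    sf_read_file(&backup, &secret); /* trusted: stays untainted */
    return (sf_send_packet(&nc, hdr) & IP_EVIL_BIT) != 0 && !backup.tainted;
}
```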