Re: A casestudy where selinux has stopped malware attacks

Android has tried to document pretty extensively how the reduction of
attack surface provided by SELinux has resulted in a significant
percentage of bugs being unreachable.

See, for example
https://www.blackhat.com/docs/us-17/thursday/us-17-Kralevich-Honey-I-Shrunk-The-Attack-Surface-Adventures-In-Android-Security-Hardening.pdf
slide 52, where 44% of our security bulletin class bugs are reduced in
severity because of SELinux attack surface management.

However, SELinux's primary goal isn't attack surface management
(although it's very good at it). Its primary purpose is containment
and being able to reason about the state of the system assuming a
compromise of any component. If SELinux stops a malware author, that
malware author will simply choose to not publish their non-working
code. Most people, including malware authors, will only celebrate
their successes, but won't publicize their failures. Measurements in
this area are hard.

-- Nick


On Wed, Sep 20, 2017 at 9:13 PM, masoom alam <masoom.alam@xxxxxxxxx> wrote:
> Hi everyone,
>
> Do we have something like the mentioned subject documented?
>
> Thank you.
>
>
> ----
> Dr. Masoom Alam,
> Associate Professor,
> Department of Computer Science,
> COMSATS Institute of Information Technology,
> Park Road, Islamabad
> Off +92-51-9049-5391
> Cell +92-332-9298-404



-- 
Nick Kralevich | Android Security | nnk@xxxxxxxxxx | 650.214.4037


