Security-Enhanced Linux

Introduction

The National Security Agency (NSA) released Security-Enhanced Linux (SELinux) in December of 2000 under the General Public License (GPL). An integration of the Flask mandatory access control (MAC) architecture with Linux, SELinux provides a flexible mechanism to enforce the separation of information based on confidentiality and integrity requirements. This integration of MAC mechanisms into a mainstream operating system has allowed the NSA to transfer such security concepts to a wider community and demonstrate their viability. SELinux addresses the threats of tampering and the bypass of application security mechanisms, and can strictly confine any damage caused by malicious or flawed applications.

The MITRE Corporation has been involved with the SELinux project since 2000, beginning with the modification of several user utilities to provide SELinux-related information to the user. Since then, MITRE's contribution to the SELinux community has been two-fold: development of individual application policies (roughly between 2000 and 2002), and the design and development of SELinux policy management tools.

Publications

MITRE's SELinux group has published a small number of papers on the theory and applications of this technology.

  • SE Linux Symposium 2006: Guided Policy Generation for Application Authors [PDF, 317KB]
    We designed Polgen primarily for security administrators who confront unfamiliar programs and are obliged to integrate them into existing policy. This paper highlights changes made to Polgen to adapt it to the needs of application authors, people who are less likely to be well versed in SE Linux policy than are security administrators. Key changes include an architecture specification language and a refinement of the wizard-style interface for application authors. When complete, this tool will expand the community of policy authors, and further accelerate the adoption of SE Linux.


  • Workshop on Issues in the Theory of Security 2003: Verifying Information Flow Goals in Security-Enhanced Linux [PDF, 256KB]
    In this paper, we first provide a formalization of the access control mechanism of the SELinux security server. This serves as a more compact and rigorous adjunct to the SELinux documentation. It also serves as a basis for our analysis methods.

Automated Policy Generation

The MITRE policy generation tools, polgen, provide a systematic way to generate policy for programs on an SELinux system. Specifically, polgen attempts to generate policy for a program based on patterns in the program's behavior. The policy that polgen suggests is tailored to the behavior of the program and includes suggestions for new system types when appropriate to support least-privilege on an SELinux system. This process is predictable and repeatable, but interactive. The user, presented with a suggested policy description, can modify that description before actual policy is produced. The current version of polgen is included here.

NOTE: Please read through the license listed here before downloading the SLAT distribution. Download of the distribution indicates acceptance of the license terms.

Automated Policy Analysis

The SELinux Analysis Tools (SLAT) provide a systematic way to determine if security goals are achieved by a given SELinux policy configuration. In particular, SLAT is concerned with information flow security goals, which describe desired paths by which information moves throughout a system. We provide a simple syntax in which to express these goals. We envision SLAT usage to be ongoing: whenever a system's policy configuration is modified, SLAT can be used to ensure continued enforcement of the pre-existing security goals. Included here are a paper describing the theoretical underpinnings of SLAT, and the software distribution.

NOTE: Please read through the license listed here before downloading the SLAT distribution. Download of the distribution indicates acceptance of the license terms.

Application Policies

MITRE's apache policy was merged into the example policy as the original httpd policy in September of 2001, and has been further maintained and developed by others since then. The original policy and documentation are included here.

MITRE also developed a policy for sendmail that was not merged into the example policy.

Please note that these policies were written for older versions of SELinux. They may not build with the current policy, and are provided here for reference only.


For more information, please contact Brian Sniffen using the employee directory.


Page last updated: April 27, 2006

Copyright © 1997-2008, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.

 
