About Us Our Work Employment News & Events
MITRE Remote Access for MITRE Staff and Partners Site Map
Our Work
Overview
Mission Areas
Systems Engineering
Information Technology
MITRE Research Program
MITRE Federal Employee Fellowship Program
Technology Transfer Office
Technical Papers

Follow Us:
Visit MITRE on Facebook
Visit MITRE on Twitter
Visit MITRE on Linkedin
Visit MITRE on YouTube
View MITRE's RSS Feeds
View MITRE's Mobile Apps
Home > Our Work > Technical Papers >

Confining the Apache Web Server with Security-Enhanced Linux

June 2001

Michelle J. Gosselin, The MITRE Corporation
Jennifer Schommer, The MITRE Corporation

ABSTRACT

Restricting the access of a web server to system resources limits the potential damage caused to those resources through exploitation of web server vulnerabilities. However, allowing the web server to access the required resources enables the web server to provide expected functionality. This combination of denying unnecessary access and allowing required access results in providing web server functionality while limiting damage.

To demonstrate this, we hosted the Apache web server on Security-Enhanced Linux, an operating system that enforces a mandatory access control policy. By tailoring the Security-Enhanced Linux policy, we were able to control interaction between the Apache web server and other processes and files on the system. The policy dictates that Apache is only allowed to display web pages and perform limited functions that support the display of web pages.

View/Download Document

Additional Search Keywords

operating system security, web server security, access control policy, apache selinux

 

Page last updated: June 27, 2001   |   Top of page

Homeland Security Center Center for Enterprise Modernization Command, Control, Communications and Intelligence Center Center for Advanced Aviation System Development

 
 
 

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
IDG's Computerworld Names MITRE a "Best Place to Work in IT" for Eighth Straight Year The Boston Globe Ranks MITRE Number 6 Top Place to Work Fast Company Names MITRE One of the "World's 50 Most Innovative Companies"
 

Privacy Policy | Contact Us