SENG Compiler and Examples

I’ve finally uploaded a copy of the proof-of-concept SENG compiler and some examples of using it to write policies.

For the uninitiated: SENG is an experimental language for writing SELinux policies. In a nutshell, it augments the existing language with higher-level constructs aimed at eliminating the need for macros. It was first presented publicly at the SELinux Symposium earlier this month.

The compiler source code and examples are stored in a Bazaar-NG (a.k.a. bzr) repository. If you don’t already have a bzr client installed and can’t get one from your Linux distribution of choice, follow that link to download one. That done, all you need to do is get started is run the following to check out the latest copy:

$ bzr get

To bring that copy up-to-date, go into the directory you checked the code out to and run:

$ bzr pull

That’s it! There’s a couple README files included that should give you enough to get started. To build the compiler, you’ll need Java 1.5 as well as Ant and JavaCC.

I hope to flesh out the (admittedly meager) example as time goes on, but in the near future homework will be claiming more of my “free” time.

I apologize for the delay in getting this out, but there were some problems with the code that needed fixing before showing it to the world.

Comments Off

Click-Through Agreements Are Dumb

So I ordered something online the other day, and I get its shipping confirmation in my e-mail. It has a link to the UPS package tracker for my shipment. Notice anything odd about the URL?

That’s right, the URL tells the server you agreed to whatever terms and conditions they want to impose on you to access the tracker, without ever presenting them to you.


SELinux Symposium Notes: Session 5

[Editor's note: still more notes taken during the talks at the SELinux Symposium earlier this month. For entertainment use only.]

Keynote Address:UK e-Government: Security Challenges and Solutions for Innovative Service Delivery (Dr. Steve Marsh, UK Cabinet Office)

2000 — put all govt services online by 2005; govt must meet citizens’ needs
requires entire process change to shared services, not just putting up web pages; could save 10%
fun fact: recenue from online crime in US exceeds drug trafficking — suggests risks at play
public sector, man-in-street don’t know how to secure infrastructure, but not just an IT dept problem
must secure govt services and assure public it’s secure — if not used, investment is wasted
testing sees if code behavior matches requirements; doesn’t check for security faults & unexpected behavior
products becoming more complicated, & lifecycle shorter than time need to evaluate their security
locking machine away fails due to networking; air gaps not practical for public services
remote access + secure network = difficult but necessary; esp w/ mobile code; from walls to communities of interest
public sector, public don’t expect to run into barriers day-to-day — have to implement domain separation?
separate networks, VMs to isolate apps; lockdown removes functionality and tends to break apps –> MAC better
crime follows value; can’t let crime erode confidence in govt services — need cost-effective technologies for security
domain separation needed to protect supply chains
[Q: how does compartmentalization hinder operations in emergencies (e.g. Katrina)? A; need to evaluate the risk that a security mechanism blocks business]

Case Study: Open Source and Commercial Applications in a Java-based SELinux Cross Domain Solution (Boyd Fletcher, Joint Forces Command – Joint Experimentation Directorate, USA)

sharing information across networks & classification/information domains
want to securely share as much information with as many people as fast as possible
allow only desired flows and verify only valid, clean data is being moved
TE MAC simplifies the problem; allows assured pipelines to be constructed & reduces burden of software developer (can lock down & isolate parts)
chat tool: operates at ingress & egress of box, though for historical reasons not truly a secure pipeline
in Java, need init scripts & jar files for proper domain assignment; improperly handled exceptions leads to fail-open
commercial apps often ill-behaved but can be constrained by policy; leverages all aspects of SELinux
minimize technical expertise to deploy system

Case Study: Enhancing IBM Websphere with SELinux (Marc Hocking, Technology Cabinet Office, e-Government Unit, UK; Karl MacMillan, Tresys Technology, USA, and Doc Shankar, IBM, USA)

goal: access to data “anytime, anywhere, anyhow” by UK govt user to departmental data in a low-assurance env
federated identity among departments, central authorization w/ permissions decided by depts
desired capability: access to system throughout UK, providing mobility & disaster recovery
support of above UK program & explore SELinux with complicated middleware
sandboxing, enforce n-tier architecture, network security at process level (per-app firewall)
allow Websphere admin to specify security configuraiton, w/o SELinux-specific expertise
and support full Websphere functionality
problem: current SELinux policies are rigid and inflexible, difficult to customize in app-specific, & changes require writing policy
soln: run Websphere-specific tool to take description of app & emit refpol modules, packages for each system

Comments Off