中国科学技术大学：《安全操作系统》课程教学资源（PPT课件讲稿）第十一讲 国外知名安全操作系统介绍——SELinux CaseStudy SELinux

第八章国外知名安全操作系统介绍 'SE-Linux介绍 ☆EROS介绍 1958 o 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

第八章 国外知名安全操作系统介绍 ❖SE-Linux介绍 ❖EROS介绍

Reference book BEATING THE O-DAY VULNERABILITY THREAT SELinux SELINUX NSA's Open Source NSA's Open Source Security Enhanced Linux Security Enbanced Linux By Bill McCarty *October 2004 Pages:254 O'REILLY BILL MCCARTY and Technolo 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

Reference Book ❖SELinux NSA's Open Source Security Enhanced Linux ❖By Bill McCarty ❖October 2004 ❖Pages: 254

声明 本部分内容参考了网上搜索到的多个ppt >David Quigley关于SELinux的ppt《Security Enhanced Linux》 >Kenduest Lee(小州)的《SELinux入门初探》 1958 0 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

声明 ❖ 本部分内容参考了网上搜索到的多个ppt ➢David Quigley关于SELinux的ppt《 Security Enhanced Linux》 ➢Kenduest Lee（小州）的《SELinux入门初探》

主要内容 *Definition History Concepts 空水大 *Architecture SELinux Policy Language Userspace 冬实现 使用 of Science and Technolooyof china 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

主要内容 ❖Definition ❖History ❖Concepts ❖Architecture ❖SELinux Policy Language ❖Userspace ❖实现 ❖使用

主要内容 *Definition History Concepts 水天 *Architecture SELinux Policy Language Userspace 冬实现 使用 of Science and Technolooyof china 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

主要内容 ❖Definition ❖History ❖Concepts ❖Architecture ❖SELinux Policy Language ❖Userspace ❖实现 ❖使用

Wikipedia says: Security-Enhanced Linux (SELinux)is a Linux feature that provides a variety of security policies, including U.S.Department of Defense style mandatory access controls,through the use of Linux Security Modules (LSM)in the Linux kernel.It is not a Linux distribution,but rather a set of modifications that can be applied to Unix-like operating systems,such as Linux and BSD Primarily developed by the US National Security Agency 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

Wikipedia says: ❖Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies, including U.S. Department of Defense style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD. … ❖Primarily developed by the US National Security Agency …

运行示意图 Action Subject Request SELinux Permission Object (eg:read) Security Granted Yes (eg:a process) Server (eg:a file) No SELinux AVC: Policy Denied Database Message 1 ence and Tec7人 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

运行示意图

主要内容 *Definition History Concepts 空天 *Architecture SELinux Policy Language Userspace 冬实现 使用 of Science and Technolooyof china 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

主要内容 ❖Definition ❖History ❖Concepts ❖Architecture ❖SELinux Policy Language ❖Userspace ❖实现 ❖使用

SELinux Timeline 1985:LOCK (early Type Enforcement) 1990: DTMach/DTOS 1995: Utah Fluke /Flask 1999:2.2 Linux Kernel (patch) 2000: 2001:2.4 Linux Kernel (patch) 2002: LSM 2003:2.6 Linux Kernel (mainline) 2006: Full network labeling Present 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003: 2.6 Linux Kernel (mainline) 2006: Full network labeling Present

主要内容 *Definition History Concepts 空大 *Architecture SELinux Policy Language Userspace 冬实现 使用 of science and Technolooyot china 嵌入式系统实验室 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC

主要内容 ❖Definition ❖History ❖Concepts ❖Architecture ❖SELinux Policy Language ❖Userspace ❖实现 ❖使用