Search My Blog

Wednesday, May 12, 2010

Role-based access control in SELinux

Role-based access control in SELinux

Learn your way around this admin-friendly security administration layer

Serge E. Hallyn (sergeh@us.ibm.com), Software Engineer, IBM 

Summary:  Role-based access control (RBAC) is a general security model that simplifies administration by assigning roles to users and then assigning permissions to those roles. RBAC in Security-Enhanced Linux (SELinux) acts as a layer of abstraction between the user and the underlying type-enforcement (TE) model, which provides highly granular access control but is not geared for ease of management. Learn how the three pieces of an SELinux context (policy, kernel, and userspace) work together to enforce the RBAC and tie Linux® users into the TE policy.

Date:  13 Feb 2008
Level:  Intermediate
Also available in:   Japanese

Activity:  14846 views
Comments:   0 (Add comments)

1 star2 stars3 stars4 stars5 stars Average rating (based on 17 votes)
  • +Show articles and other content related to my search: selinux rbac

The security policy implemented in Security-Enhanced Linux (SELinux) is type enforcement (TE) under a layer of role-based access control (RBAC). (SELinux also orthogonally implements multi-level security (MLS), which is outside the scope of this article.) TE is the most visible, and therefore the most well known, server because it enforces fine-grained permissions: when something breaks because of unexpected access denials, TE is most likely responsible. In TE, a process's security domain (its domain of influence over the system) is determined by the task's history and the currently executing program.

The concept of RBAC isn't discussed as often as TE and can be confusing because of the way it is integrated with TE. You generally think of RBAC as specifying the access that users in certain roles may receive. SELinux specifies the role-based access in terms of TE, however, so the goal of RBAC in SELinux is to allow management of privileges based on roles that the authorized user may assume, then restrict the domains of influence that a role may enter by specifying the TE domains with which a role may be combined into a valid context.

To see how this works, take a look at a very simple cash register accounting system using SELinux to provide the security guarantees. You'll see the same solution in two very different environments (see Downloads to view the code for both):

  • The from-scratch SELinux system built in the developerWorks article "SELinux from scratch." This system demonstrates how several of the pieces in the kernel and in userspace are bound together.
  • A Fedora Core 8 system. The Fedora Core 8 system (new at the time of this writing) shows how SELinux and RBAC are tightly integrated.

Read more...
http://www.ibm.com/developerworks/linux/library/l-rbac-selinux/

Don

No comments: