Security architecture for a systematic administration of SELinux policies in distributed environments

  • Authors:

  • Pedro Chavez Lugo;Juan J. Flores;Juan Manuel Garcia Garcia

  • Affiliations:

  • Division de Estudios de Postgrado, Facultad de Ingenieria Electrica, Universidad Michoacana, Morelia, Michoacan, Mexico;Division de Estudios de Postgrado, Facultad de Ingenieria Electrica, Universidad Michoacana, Morelia, Michoacan, Mexico;Departamento de Sistemas Computacionales, Instituto Tecnologico de Morelia, Morelia, Michoacan, Mexico

  • Venue:
  • DNCOCO'08 Proceedings of the 7th conference on Data networks, communications, computers
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

Users and organizations seek to obtain from an operating system integrity, confidentiality, and availability in both hardware and software resources. These characteristics must come coupled with easy handling and administration. An operating system designed under the criteria of the class A1, consists of a collection of security strengthening mechanisms for the kernel. SELinux is an example of this type of operating system that supports several types of security policies applied to access control. In this article we address the problem of inconsistency in SELinux policies, which is present in distributed environments. To solve this problem, we propose an architecture that integrates a policy server for enabling a simple and secure administration. The policy server collects, integrates, and updates all policies that are applied in the distributed environment. We aim to achieve authenticity, integrity and confidentiality in the policy update process through the Kerberos V protocol. We propose a redundant policy server. We do not assure that the proposed architecture is bug free; it is impossible to guarantee a completely secure system. Nonetheless, we consider it a viable solution for centralized management of SELinux policies.