Student Projects

PROJECT

Mandatory Access Control with SELinux

FACTS

Period

Summer semester (SS) 2008

FH students

David Niedermaier, Stefan Schleifer, Frank Treichl

FH supervisor

DI Eckehard Hermann

Short description

In this project we'll focus on SELinux, the NSA's Linux implementation of mandatory access control. First of all, a lot of research is necessary to understand the architecture of the Linux kernel itself as well as SELinux, the Linux Security Module and, of course, theoretical aspects such as the Bell-LaPadula model. After gaining this knowledge, the focus shifts to developing our own application with an intentional bug. For this purpose, a policy for this application has to be developed, as well as a reasonable exploit. Last but not least, the attack will be tested, and SELinux will hopefully prevent us from getting root access to the target system.

DETAILS

Initial situation / Motivation / Introduction

Security mechanisms such as firewalls and antivirus products protect IT systems from known attacks. These days, more and more 0-day attacks arise, and several toolkits exist to help script kiddies execute ready-made programs to attack systems.

Project goal

The project should show how to use SELinux and what the problems of using it are.

Implementation

First, a lot of research was done to understand the different components of the system. After that, a demo application was written and tested. The next step was to create an SELinux policy for this program. Finally, an exploit was tested against the written application with SELinux enabled and with SELinux disabled. The difference between the tests has been documented.