Linuxkernel security enhancements

1
Linux-kernel security enhancements

• Karri Huhtanen ltkhuhtanen_at_iki.figt

2
Why?

• Linux is used more and more in network
  appliances, routers and other critical systems.
• Critical systems like these often cannot be
  upgraded and rebooted instantly when new security
  hole and fix is found.
• Plain vanilla Linux kernel and system is very
  vulnerable compared to specialized router
  operating systems because of the basic Unix
  kernel security features.
• Linux kernel has no encryption support for
  securing communications or data in plain vanilla
  kernel (at least yet)
• Thus there is a need for hardened Linux kernel
  and security enhancements

3
How?

• Designed security architecture needed just
  closing security holes is not the solution
• Buffer overflow memory protection/restrictions,
  sandboxes for services, processes and users
• Resource restrictions/limitations within kernel
  or outside (e.g. Fork bomb protection, firewall
  rules that limit the number of open connections
  etc.)
• Mandatory Access Controls (Root has too much
  power), subject/object -model based access
  control
• Logging, traceability of actions, integrity
  checks
• Hiding existence i.e. network transparency
• Communications / data encryption support (e.g.
  IPSEC stack, filesystem encryption)

4
Integrity and Access Control

• NSA Security-Enhanced Linux ( www.nsa.gov/selinux/
  )
• A result of several NSA security research
  projects, from design to implementation approach
• Security-enhanced Linux is only a research
  prototype that is intended to demonstrate
  mandatory controls in a modern operating system
  like Linux and thus is very unlikely to meet any
  interesting definition of secure system. -- NSA
  SELinux FAQ
• A starting point and a theoretical model for
  future kernel development and Linux Security
  Module work (http//lsm.immunix.org/)
• LIDS (www.lids.org)
• Root has too much power.
• Access Control List implementation patch for
  Linux kernel
• file/process protection and capabilities control
• An opensource community's equivalent of NSA
  SELinux?
• grsecurity (www.grsecurity.net)
• A large collection of security enhancement
  patches for Linux kernel
• Buffer overflow/memory protections, ACLs for
  files/sockets/consoles/processes/whatever,,
  logging, resource restrictions/limits, network
  invisibility/OS signature hiding etc.

5
Communications and Data Encryption

• FreeS/WAN IPSEC stack
• WWW site www.freeswan.org
• X.509 certificate support www.strongsec.com/frees
  wan/
• The leading free open source Linux IPSEC stack,
  commercial IPSEC stacks available for network
  appliance developers available from for example
  SSH Communications, SecGo, (F-Secure?)
• Advantages free, open source, available for all,
  (cheap), interoperable
• Disadvantages no management software, only 3DES
  encryption, limited hardware encryption and
  modern IP technologies support
• International Crypto API for GNU/Linux
• WWW site sourceforge.net/projects/cryptoapi/
• Provides kernel modules for creating encrypted
  loopback devices to encrypt for example your home
  partition
• Based on international crypto patch for GNU/Linux
• Advantages free, open source, available for all,
  cheap, several encryption algorithms implemented
  (blowfish, AES etc.)
• Disadvantages documentation, encryption of whole
  disk/swap is not possible

6
About this presentation and report

• This presentation will be soon added in several
  formats in iki.fi/khuhtanen/interests/security/
• The report, which presents these security
  enhancements in detail will be published on the
  same web page.
• The report will also most likely contain a report
  of the practical experiment where some or all of
  the presented security enhancements are combined
  in single kernel. The success or failure of this
  experiment as well as the succesful/failing
  combination is documented in the report.
• Questions? Suggestions of things to note in the
  report?