Abstract
The protection of the root user is an important requirement for Linux systems. Recent developments in cyber security have tackled this issue using mandatory access control (MAC) mechanisms. Although MAC policies confine root as per organizational requirements, security problems arise during the management of critical components. This creates a need to incorporate additional authentication mechanisms into the current scheme to protect security-sensitive components under the administration of root. We propose a scheme which uses MAC policies as a base for external device authentication of the root user.
Copyright information
© 2014 Springer India
About this paper
Cite this paper
Chatterjee, A., Mishra, A. (2014). Securing the Root Through SELinux. In: Mohapatra, D.P., Patnaik, S. (eds) Intelligent Computing, Networking, and Informatics. Advances in Intelligent Systems and Computing, vol 243. Springer, New Delhi. https://doi.org/10.1007/978-81-322-1665-0_65
DOI: https://doi.org/10.1007/978-81-322-1665-0_65
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-1664-3
Online ISBN: 978-81-322-1665-0
eBook Packages: Engineering, Engineering (R0)