Securing the Root Through SELinux

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 243)


The protection of the root user is an important requirement for Linux systems. Recent developments in the area of cyber security have tackled this issue with the use of mandatory access control (MAC) mechanisms. Though MAC policies confine the root as per organizational requirements, yet security problems arise during the management of critical components. This gives rise to the need for incorporation of additional authentication mechanisms into the current scheme for the protection of security-sensitive components under the administration of root. We propose a scheme which uses MAC policies as a base for external device authentication of the root user.


SELinux Authentication Mandatory access control 


  1. 1.
    Jordan, CS.: A Guide to Understanding Discretionary Access Control in Trusted Systems, pp. 5–15. DIANE Publishing, PA (1987) (NCSC-TG-003 VERSION-1)Google Scholar
  2. 2.
    Bell, D., LaPadula, L.: Secure computer system: unified exposition and multics interpretation. Technical Report M74-244, Mar 1976Google Scholar
  3. 3.
    Biba, K.: Integrity considerations for secure computer systems. Technical Report MTR-3153, Apr 1977Google Scholar
  4. 4.
    Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., Lepreau, J.: The flask security architecture: system support for diverse security policies. In: Proceedings of the Eighth USENIX Security Symposium, The USENIX Association, Aug 1999Google Scholar
  5. 5.
    Ferraiolo, D.F., Kuhn, D.R.: Role-based access controls. In: Proceedings of the 15th NIST-NSA National Computer Security Conference, Baltimore, Maryland, 13–16 Oct 1992Google Scholar
  6. 6.
    Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M., Haghighat, S.A.: A domain and type enforcement UNIX prototype. In: Proceedings of the 5th USENIX UNIX Security Symposium, June 1995Google Scholar
  7. 7.
    Xu, X., Xiao, C., Gao, C., Tian, G.: A study on confidentiality and integrity protection of SELinux. International Conference on Networking and Information Technology, June 2010Google Scholar
  8. 8.
    Tate, B.: Selinux; securing a legacy ftp server, SANS Institute GSEC v1.4c, Jan 2005Google Scholar
  9. 9.
    Shinde, P., Sharma, P., Guntupalli, S.: Automated process classification framework using SELinux security context. In: Proceedings of the Third International Conference on Availability, Reliability and Security, 2008Google Scholar

Copyright information

© Springer India 2014

Authors and Affiliations

  1. 1.Department of Computer EngineeringDefence Institute of Advanced Technology PunePuneIndia

Personalised recommendations