BC/NW 2024 № 1 (41):13.1
APPLICATION OF THE SELINUX FORCED ACCESS CONTROL SYSTEM ON THE EXAMPLE OF THE NATIONAL OPERATING SYSTEM RED OS
Tolmachev I.S., Uymin A.G.
Security-Enhanced Linux (SELinux) is a set of access control policies built into the Linux kernel that adds a mandatory layer of security to the operating system. The principal feature of SELinux's Mandatory Access Control (MAC) is its capacity to prevent attackers from establishing a foothold in the system even after exploiting vulnerabilities. This is achieved by enforcing mandatory policies that restrict actions within the system at large, rather than merely at user or group levels. SELinux transforms an operating system with discretionary privileges into one governed by mandatory access controls, facilitating precise and differentiated access management. Access control within SELinux is carried out through security policy configurations, which restrict interactions among applications and processes, thereby strengthening the system's overall security posture.[1][2]
This software package can be integrated into nearly any version of national Linux distributions, ensuring a broad application spectrum. SELinux has been incorporated into the national operating system RED, offering tools such as audit2allow, secon, and audit2why for operational management. Similarly, the Russian Alt Linux distribution incorporates MAC, although it is deactivated by default at the kernel level. Both distributions support logging and monitoring of SELinux security events, underlining the significance of implementing a mandatory access control system in the development of secure infrastructures based on national operating systems.[3][4]
Literature
1. A. Eaman, B. Sistany, A. Felty. Review of Existing Analysis Tools for SELinux Security Policies: Challenges and a Proposed Solution. MCETECH 2017: E-Technologies: Embracing the Internet of Things, pp. 116–135.
2. P.N. Devyanin, V.V. Kulyamin, A.K. Petrenko, A.V. Khoroshilov, I.V. Shchepetkov. Integration of mandatory and role-based access control and mandatory integrity control in the verified hierarchical security model of the operating system // Proceedings of ISP RAS. 2020. No. 1.
3. S. Vermeulen. SELinux System Administration, Second Edition.
4. J. Wang, D. Li, L. Yang, L. Tan, H. Wang. Security Strategy and Research of Power Protection Equipment Based on SELinux. Proceedings of Sixth International Congress on Information and Communication Technology, pp. 37–47.