Logo Unict Logo Cdl Informatica Logo Nas lab

DMI proudly announces an Openday to learn how to hardening your GNU/Linux OS.
The event aims to present a general overview of Mandatory Access Control systems.
The first half of the event present an historical overview about architecture like Flux Advanced Security Kernel (FLASK), Role Based Access Control (RBAC) and Linux Security Modules ( LSM ). It continue with a presentation of limits and potential of four MAC tools. The tools examined will be : SELinux, AppArmor, Tomoyo Linux and Grsecurity.
The second half of the event it's a challange demo while will be tested the hardening of the GNU/Linux systems.
Last section will be dedicated to answers the questions

Event Overview


9:00 am

MAC - Mandatory Access Control
(Speaker Di Franco F.)

FLASK architecture
(Speaker Scuderi A.)

RBAC - Role Based Access Control
(Speaker Pira F.)

LSM - Linux Security Module
(Speaker Gelardi G.)

Tool presentation

10:00 am

(Speaker Zermo C. & Scuderi A.)

(Speaker Pira F.)

(Speaker Gelardi G.)

(Speaker Di Franco F.)

Tool demonstration

11:00 am

Technical Challange

Local exploit demonstration
Sample of local malware

Remote exploit demonstration
Sample of remote attack

Question time

If you have any questions about linux hardening this is the best moment!

Event Schedule


09:00 - 10:00

A little introduction about the concept of Mandatory Access Control and the difference between the access control systems.
Flask, the most famous operating system security architecture that provide a flexible policy support.
RBAC, Role Based Access Control, a different implementation of Mandatory Access Control based on role.
LSM, the security framework provided by the linux kernel that allow different security model implementations.

Tool presentation

10:00 - 11:00

We'll make an overview about the features and the general-purpose security goals of the implementations of Mandatory Access Control.
1. SELinux, developed in first time by NSA but released open source, has become the most used Mandatory Access Control System.
2. AppArmor, simple and effective path based implementation of Mandatory Access Control.
3. Tomoyo that provide the features to increase the security of a system, while also being useful purely as a systems analysis tool.
4. GRSecurity, RBAC implementation that provide a set of patches for the Linux kernel with an emphasis on enhancing security.

Tool demonstration

11:00 - 12:00

We'll make a concrete demonstration of the limit and potential of the presented tools
1. Installation and configuration
2. Local exploit execution before and after the activation of security enforcement. We'll demonstrate how you can protect your system from trojan and guarantee the confidentially.
3. Remote exploit execution before and after the activation of security enforcement. We'll demonstrate how you can protect a web server from remote exploitation and how to confine your exposed web services.

The tools


A. Scuderi
C. Zermo


F. Di Franco


G. Gelardi


F. Pira

Contact us

Sweetbus, Team
University of Catania

Sweetbus mail account
We're on social networks