Abstract



DMI proudly announces an Openday on how to harden your GNU/Linux OS.
The event aims to present a general overview of Mandatory Access Control systems.
The first half of the event presents a historical overview of architectures such as Flux Advanced Security Kernel (FLASK), Role Based Access Control (RBAC) and Linux Security Modules (LSM). It continues with a presentation of the limits and potential of four MAC tools. The tools examined will be: SELinux, AppArmor, Tomoyo Linux and Grsecurity.
The second half of the event is a challenge demo in which the hardening of GNU/Linux systems will be tested.
The last section will be dedicated to answering questions.

Event Overview


Introduction

9:00 am

MAC - Mandatory Access Control
(Speaker Di Franco F.)

FLASK architecture
(Speaker Scuderi A.)

RBAC - Role Based Access Control
(Speaker Pira F.)

LSM - Linux Security Module
(Speaker Gelardi G.)

Tool presentation

10:00 am

SELinux
(Speaker Zermo C. & Scuderi A.)

GRSecurity
(Speaker Pira F.)

Tomoyo
(Speaker Gelardi G.)

AppArmor
(Speaker Di Franco F.)

Tool demonstration

11:00 am

Technical Challenge

Local exploit demonstration
Sample of local malware

Remote exploit demonstration
Sample of remote attack

Question time

F.A.Q
If you have any questions about Linux hardening, this is the best moment!

Event Schedule

Introduction

09:00 - 10:00

A short introduction to the concept of Mandatory Access Control and the differences between access control systems.
Flask, the most famous operating system security architecture, which provides flexible policy support.
RBAC, Role Based Access Control, a different implementation of Mandatory Access Control based on roles.
LSM, the security framework provided by the Linux kernel that allows different security model implementations.

Tool presentation

10:00 - 11:00

We'll give an overview of the features and the general-purpose security goals of the implementations of Mandatory Access Control.
1. SELinux, initially developed by the NSA and released as open source, has become the most used Mandatory Access Control system.
2. AppArmor, a simple and effective path-based implementation of Mandatory Access Control.
3. Tomoyo, which provides features to increase the security of a system, while also being useful purely as a systems analysis tool.
4. GRSecurity, an RBAC implementation that provides a set of patches for the Linux kernel with an emphasis on enhancing security.

Tool demonstration

11:00 - 12:00

We'll give a concrete demonstration of the limits and potential of the presented tools.
1. Installation and configuration.
2. Local exploit execution before and after the activation of security enforcement. We'll demonstrate how you can protect your system from trojans and guarantee confidentiality.
3. Remote exploit execution before and after the activation of security enforcement. We'll demonstrate how you can protect a web server from remote exploitation and how to confine your exposed web services.


The tools


SELinux

Speakers
A. Scuderi
C. Zermo

AppArmor

Speaker
F. Di Franco

Tomoyo

Speaker
G. Gelardi

GRSecurity

Speaker
F. Pira

Contact us


Sweetbus, Team
University of Catania

Email
Sweetbus mail account
We're on social networks