Z. Cliffe Schreuders presenting at LCA2010
A New Paradigm for Restricting Applications and Protecting Yourself from Your Processes
User-oriented access control models such as those traditionally used by Linux and Windows fail to protect users’ resources from zero-day exploits and malware. These security systems cannot protect users from maliciously behaving processes, because each process runs with all the permissions of the user who runs it. Such restrictions are inadequate because malicious code often does not act on behalf of the user it is associated with.
Some previous approaches to application-oriented access controls such as AppArmor, SELinux, system call interposition mechanisms, and jails will be discussed. Their biggest obstacle to adoption – their usability and policy complexity – will be explored.
In this talk I will present and demonstrate a new way of restricting applications, based on the functionalities they perform. Applications are assigned ‘functionalities’: reusable policy abstractions that can be adjusted to the needs of specific applications.
Using this new scheme, users and administrators specify the functionalities a program is authorised to perform, and may provide some related application-specific information. Consequently these policies simultaneously enforce the security goals of users and administrators, for example enforcing both mandatory and discretionary restrictions. The effect is that each process is restricted to only those actions permitted by all the policies that apply to it. Therefore, a process compromised by a zero-day exploit or by malware is confined to the privileges afforded to the functionalities assigned to it. Any attempt to act beyond the actions permitted by those functionalities is denied.
The new model is known as Functionality-Based Application Confinement (FBAC), and the Linux implementation is known as FBAC-LSM. FBAC-LSM is a Linux Security Module (LSM) with user-space tools.
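To make the model concrete, here is an added toy simulation of the idea described above (parameterised functionalities, one mandatory policy from the administrator and one discretionary policy from the user, with an action allowed only when every applicable policy permits it). It is illustrative code written for this page, not FBAC-LSM's actual policy format or API; the functionality name, path patterns and parameter names are constructed.

```python
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Functionality:
    """A reusable policy abstraction: operations on path patterns, with
    {placeholders} filled from application-specific parameters."""
    name: str
    rules: tuple  # (operation, path pattern) pairs

    def permits(self, op, path, params):
        return any(op == rule_op and fnmatch.fnmatchcase(path, pattern.format(**params))
                   for rule_op, pattern in self.rules)


@dataclass
class Policy:
    """One authority's (admin or user) assignment of functionalities to a program."""
    owner: str
    assignments: list  # (Functionality, params) pairs

    def permits(self, op, path):
        return any(f.permits(op, path, params) for f, params in self.assignments)


# Constructed, hypothetical functionality for a web browser.
WEB_BROWSER = Functionality("Web_Browser", (
    ("read", "/etc/fonts/*"),
    ("read", "/usr/share/*"),
    ("read", "{profile}/*"),
    ("write", "{profile}/*"),
    ("write", "{downloads}/*"),
))

# Mandatory policy from the administrator: any user's profile and Downloads directory.
ADMIN = Policy("admin", [(WEB_BROWSER, {"profile": "/home/*/.browser",
                                       "downloads": "/home/*/Downloads"})])
# Discretionary policy from user alice, narrowing downloads to one subdirectory.
ALICE = Policy("alice", [(WEB_BROWSER, {"profile": "/home/alice/.browser",
                                       "downloads": "/home/alice/Downloads/web"})])


def allowed(op, path, policies):
    """An action is allowed only if ALL policies that apply to the process permit it."""
    return all(p.permits(op, path) for p in policies)


def check_browser(op, path):
    """Decision for alice's browser process, which is subject to both policies."""
    return allowed(op, path, [ADMIN, ALICE])
```

Even though alice herself can read `/home/alice/.ssh/id_rsa`, a compromised browser process is denied it because no assigned functionality covers that path; a write outside the user's narrowed download directory is denied because the discretionary policy does not permit it.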
Z. Cliffe Schreuders is a PhD candidate at Murdoch University, in Perth, Western Australia. Recently Cliffe has presented at academic and Linux conferences in England, Portugal, New Zealand, USA and Australia. His current research aims to provide more usable application restrictions. He has written a new security mechanism FBAC-LSM for Linux which restricts programs based on the functionalities they provide.