Hey Everyone,

Ever wanted to learn more about SELinux? Run into problems with it and decided not to use it again? Want to learn more about how to configure mandatory access control on your Linux boxes so they aren’t easily rooted?

Join Unallocated Space as we host David Quigley on Saturday, February 25th, 2012 @ 5:00PM where he will give us a course in all things SELinux.

Event table space is limited, so please use http://www.eventbrite.com/event/2845199067 to reserve your spot today.

Abstract

Over a decade ago, researchers at the National Information Assurance Research Lab at the National Security Agency (NSA) identified a need for flexible mandatory access controls to help provide a solid foundation for secure systems.  This resulted in the development of the FLASK architecture. FLASK has been implemented in a number of operating systems, the most prominent of which is Linux under the name SELinux. Since the early days of SELinux adoption, much work as been done by the community to improve the utility and usability of SELinux. These enhancement have turned SELinux from a prototype research implementation into a robust access control mechanism that is used by a variety of customers world wide.

This tutorial is suitable for students with a broad range of experience in SELinux. The tutorial starts with the foundation concepts of SELinux allowing students to understand the new access control concepts that are provided. The tutorial then covers basic SELinux usage including: evaluating the state of an SELinux-enabled system, identifying SELinux information on system resources, and troubleshooting of basic SELinux errors.

Next, the tutorial covers troubleshooting errors with SELinux that result from non standard configurations of system services. For example, it is common to change the location that a web server serves pages from. SELinux needs to be informed of these changes to ensure that system resources are consistent with what SELinux expects. This section will also cover examples of other services which typically have non-standard configurations. Students will work through examples that address not only the issue at hand, but also expose the underlying cause. This increases the student’s understanding and allows each student to identify and resolve similar problems

Finally, the tutorial covers SELinux policy analysis and writing. As system administrators are constantly faced with deploying software created by their enterprise, understanding the SELinux security policy and how to extend it to cover in-house applications is very important. It covers basic policy development within the scope of the SELinux reference policy and how to iteratively develop an application policy while having minimal impact on
production systems.

About David

David Quigley started his career as a Computer Systems Researcher for the National Information Assurance Research Lab at the NSA where he worked as a member of the SELinux team but has since left that position. David leads the design and implementation efforts to provide Labeled-NFS support for SELinux. David has previously contributed to the open source community through maintaining the Unionfs 1.0 code base and through code contributions to various other projects. David has presented at conferences such as the Ottawa Linux Symposium, the StorageSS workshop, LinuxCon and several local Linux User Group meetings where presentation topics have included storage, file systems, and security.

David currently works as a Computer Science Professional for the Advanced Engineering and Development division at Keyw Corporation.