Developer Summit 2009/Abstracts/Tricca Pending

From SELinux Wiki
Revision as of 23:49, 21 July 2009 by JamesMorris (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Philip Tricca


Video Streaming in Policy Confined Environments


Traditional cross-domain data dissemination systems in military environments have relied heavily on text and structured message parsing. Due to technical, budgetary and political hurdles data labeling has never been fully adopted on many networks. Thus data residing in a network domain does not carry any indication as to its integrity or sensitivity level. Data sensitivity is instead proven through inspection at the point of dissemination where a "go / no-go" decision is made. All data then is assumed to be at "system-high" until proven otherwise upon each dissemination request.

This approach is acceptable for simple textual data but for data objects with complex structures the inspection burden is significantly higher or even impractical. We argue that, given current trends toward increasing complexity in media formats, automated sensitivity detection at the network boundary won't scale. More complex formats drive increased complexity and cost (CPU cycles) into inspection engines. This causes the latency of data dissemination operations to be severely increased. It may even result in the requirement for manual human review of the data if no automated inspection mechanisms exist.

As an alternative we propose leveraging current labeling and MAC information ow enforcement technologies to provide protected paths between labeled sources and their destination. We construct these paths as processing pipelines using the GStreamer framework across multiple SELinux hosts. As these pipelines may span sensitivity domains in either direction, one-way information ow semantics are particularly im- portant in some cases. We discuss these cases, our efforts to preserve these semantics where possible and the difficulties we have encountered.

GStreamer also presents an interesting challenge in that it is itself a complex pipelin- ing architecture. We present our work to decompose GStreamer pipelines into separate processes for increased policy granularity and look to discuss the pros and cons of this approach. Specific metrics and architectures will be presented, and discussion around integration with policy development tools like the CDS Framework would be beneficial.

This talk will be short: approximately 20 minutes. Additional time may be necessary for questions.