SELinux models

From SELinux Wiki
Revision as of 14:29, 2 July 2009 by DominickGrift (Talk | contribs)


Introduction to SELinux security models and concepts

SELinux implements a security model that combines SELinux user identities, Role-Based Access Control and Type Enforcement. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models has a Security attribute, and the combination of these Security attributes is called a Security context.

SELinux User Identities

The SELinux User Identity attribute is the first attribute in the Security context. This attribute is used to assign SELinux Roles and Security Level ranges, or Security Category ranges to Linux User Identities. SELinux User Identities are independent of the Linux User Identities. Constraints in the security policy define whether SELinux User Identities can be changed.

Role-Based Access Control

The Role-Based Access Control attribute is the second attribute in the Security context. This attribute is used to assign Security domains to SELinux User Identities. Role-Based Access Control is only applicable to processes. The SELinux Role attribute in Security contexts for files is generic.

Type Enforcement

The Type Enforcement attribute is the third attribute in the Security context. This attribute is used to assign types to processes and files. These types can be used to define how processes and files can interact. Type transitions define whether types for processes and files can be changed.


Optional models



User-Based Access Control

The User-Based Access Control attribute is the first attribute in the Security context. User-Based Access Control is an optional extension to SELinux User Identities. This security model is used to achieve SELinux User Identity separation. Constraints in the security policy define how SELinux User Identities can interact with each other's resources.

Multi Level Security

The Multi Level Security attributes are the fourth and fifth attributes in the Security context. These attributes are used to assign Security levels and Security compartments to processes and files to enforce confidentiality. Constraints in the security policy define how processes and files can interact. Processes are forced to operate on specified Security Levels and in specified Security Compartments. The Multi Level Security model enforces a "no read up and no write down" policy. Multi Level Security and Multi Category Security are mutually exclusive.
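The following Python example is an addition to this page, not code from the SELinux project. It splits a Security context of the textual form `user:role:type:sensitivity[:categories]` into the attributes described above and applies the "no read up and no write down" rule. All function names and sample contexts are constructed for illustration. The check is a simplified model that compares only the low (current) levels; the constraints in a real security policy decide actual access and may differ.

```python
import re

def expand_categories(spec):
    """Expand 'c0.c3,c7' into {0, 1, 2, 3, 7}; '.' marks an inclusive range."""
    cats = set()
    for part in filter(None, spec.split(",")):
        if not re.fullmatch(r"c\d+(\.c\d+)?", part):
            raise ValueError(f"bad category spec: {part!r}")
        lo, _, hi = part.partition(".")
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return frozenset(cats)

def parse_level(text):
    """Parse 's2:c0.c3' into (sensitivity, frozenset of categories)."""
    sens, _, cats = text.partition(":")
    if not re.fullmatch(r"s\d+", sens):
        raise ValueError(f"bad sensitivity: {sens!r}")
    return int(sens[1:]), expand_categories(cats)

def parse_context(context):
    """Split user:role:type[:level[-level]] into the attributes the page lists."""
    fields = context.split(":", 3)
    if len(fields) < 3 or not all(fields[:3]):
        raise ValueError(f"not a security context: {context!r}")
    # Assumption of this example: a context without a level is treated as s0.
    low, _, high = (fields[3] if len(fields) == 4 else "s0").partition("-")
    return {"user": fields[0], "role": fields[1], "type": fields[2],
            "low": parse_level(low), "high": parse_level(high or low)}

def dominates(a, b):
    """Level a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def mls_allows(subject, obj, access):
    """Simplified check on the low (current) levels of process and file."""
    s, o = parse_context(subject)["low"], parse_context(obj)["low"]
    if access == "read":      # no read up: the process must dominate the file
        return dominates(s, o)
    if access == "write":     # no write down: the file must dominate the process
        return dominates(o, s)
    raise ValueError(f"unknown access: {access!r}")

# Constructed sample contexts (not taken from any real system).
PROC = "staff_u:staff_r:staff_t:s2:c1,c5"
PUBLIC = "system_u:object_r:etc_t:s0"
SECRET = "system_u:object_r:var_log_t:s3:c1.c5"
SIBLING = "system_u:object_r:user_home_t:s2:c1"
```

Note that a file at the same sensitivity but with fewer compartments (`SIBLING`) is readable yet not writable by `PROC`, because the compartment sets take part in the comparison as well as the level.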

Multi Category Security

The Multi Category Security attributes are the fourth and fifth attributes in the Security context. These attributes are used to assign Security Categories to processes and files. The Security level attribute in Multi Category Security contexts is generic. Constraints in the security policy define how processes and files can interact. Multi Category Security is an implementation of Multi Level Security where the use of assigned Security Categories is at the discretion of the user. Multi Category Security and Multi Level Security are mutually exclusive.

--DominickGrift 06:31, 2 July 2009 (PDT)