Slashdot Mirror


NAI Labs releases LOMAC, a kernel security extension

Tim Fraser writes "NAI Labs has released a new version of the Linux LOMAC kernel extension, their latest in a series of security extension products they're involved with -- ranging from components of TrustedBSD to SELinux. LOMAC provides a drop-in security solution that does not require extensive administration, unlike other kinds of Mandatory Access Control (MAC). There's a port of LOMAC to FreeBSD in the works. The release announcement has more details."


  1. Drop in security? by idistrust · Score: 3
    I don't think that anything can be drop in security. Somebody's GOT to know what they're doing. Back in the olden days I messed around with Bastille's "drop-in-security" and ended up with a foobar'd system that I couldn't even get into. That's not security, that's just uselessness.

    With all of that aside though, any kind of thing like this has got to be good. When high-up people see that something like Linux is getting support like this, they (in my experience) become a little less afraid of it. Didn't Microsoft claim to have some kind of security certification on NT or something like that? My memory is getting sketchy so there's a damn good chance I'm wrong. But if Linux could have something similar to that... it would definitely be a start. To some people, fancy titles mean everything.

    Mike.

    --

    --Ask a silly person, get a silly answer.

  2. Good to see true kernel level security solutions by hillct · Score: 3

    This is great news for the Linux community. It's interesting that commercial software vendors (vs. OSS vendors) seem to think things like this for Linux are not viable. Strange. Seems to work for me. Security by closed source is a variant on security through obscurity, and we all know what a fallacy this is.

    Great Work Guys!

    --CTH

  3. Re:Too good to be true? by Lord of the Files · Score: 5

    The author gave a talk at our lug last week. This is my understanding of what he said.

    Basically LOMAC's goal is to increase security without being intrusive. (Intrusive systems are hard to get people to use). It doesn't protect against everything, or even close to everything. It does make a class of actions which should basically never be done impossible.

    It divides the filesystem into level 1 and level 2 parts. Level 2 stuff is things like /etc, /usr, and anything else only root should be mucking with. Level 1 is everything else. Programs begin running at level 2, and are demoted to level 1 as soon as they read a level 1 file (or from the network, which is considered level 1).

    This keeps someone who compromised your copy of bind running as root from reconfiguring your system. It doesn't stop them from trashing your www data, or anything else going on at level 1.

    i.e. it eliminates a certain class of problems.

    As to it being drop in, it's a kernel module. What is level 1 vs. level 2 in the file system is defined at compile time. There is _no_ configuration, which makes it very easy to use.

    --

    God does not play dice - Einstein

    Not only does God play dice, he sometimes throws them where they

  4. Ok, so what's so great about it... by Anonymous Coward · Score: 4

    Am I missing something? How does this differ from giving every critical file the system immutable flag (under BSDs), then, when the box has come up nicely, raising the securelevel to something that enforces the chflags and doesn't let you change them?

    Ok, so it's nice to just load it, and all your problems will go away. Anyway, the standard user won't use it because they haven't heard of it, and they don't know how to get it or compile it.

    Anyone with more experience about system should use something like LIDS or SELinux, which lets you do much more fine-grained control, and SELinux really rocks in this aspect. Of course SELinux isn't very stable yet, so using it on a web-server maybe ain't the worlds greatest idea, but this is where LIDS comes to play.

    SELinux is of course very cool when building remote administration computers (one computer in the network that all remote administrators have to log in to, and connect from it to the server they want to administer) or shell boxes.

    So I really don't think this is anything great, or?

    1. Re:Ok, so what's so great about it... by Tim Fraser · Score: 3

      Hi!

      LOMAC is my project, and I was among the NAI Labs contractors working on the NSA's SELinux project for a short while, too. SELinux is indeed an excellent technology. I've found SELinux to be extremely stable - I never had any of the released versions of SELinux crash on me in my (roughly) 6 months of usage.

      The NSA's SELinux project and NAI Labs' LOMAC project have different goals. SELinux is designed to provide powerful features like extremely-fine-grained access control and a time-tested highly-general Flask architecture. LOMAC is designed to remain compatible with existing Linux kernels and software, and work without configuration, even at the cost of some features.

      So, the LOMAC LKM is completely specialized towards supporting a single, simple, coarse-grained form of access control. However, it can be loaded into unmodified off-the-CD-ROM Linux kernels, and you don't have to configure it to recognize your local users and applications. SELinux provides many more powerful features, but it requires you do some configuration, and to patch your kernel and some of your applications.

      It's a tradeoff. Depending on your requirements, you may prefer different choices along the features/compatibility line.

      As for the comparison with the immutable flag, LOMAC provides a more flexible solution that allows admins to modify critical files that are immutable to normal users. LOMAC also provides a mechanism to prevent clever attackers from using Trojan horses or input designed to cause buffer overflows to get control of privileged processes.

      There's a complete description in the LOMAC manual on ftp.tislabs.com/pub/lomac, if you're curious.

      - Tim Fraser, NAI Labs
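The mechanism described in comment 3 (two integrity levels, processes start high and are demoted on reading low-level data, no writing upward) and in Tim Fraser's reply above (why this still lets admins edit critical files, and why a Trojan horse or overflow input does not buy an attacker a level-2 foothold) is easy to model. The following is an added illustration written for this page, not LOMAC's own code; the prefix list that decides which paths are level 2, the process names and the three scenarios are constructed for the example.

```python
"""Toy model of LOMAC's Low Water-Mark MAC, as described in the thread above.

Added illustration, not LOMAC's code. The level assignment below is an
assumption for the example: a few system prefixes are level 2 ("high"),
everything else, and the network, is level 1 ("low").
"""
from dataclasses import dataclass, field

HIGH, LOW = 2, 1

# Constructed mapping: which part of the tree is level 2 is fixed up front
# (the thread says LOMAC decides this at compile time, with no runtime config).
HIGH_PREFIXES = ("/etc", "/usr", "/bin", "/sbin", "/lib", "/boot")


def level_of(obj: str) -> int:
    """Integrity level of a file path; the network is always level 1."""
    if obj == "network":
        return LOW
    for p in HIGH_PREFIXES:
        if obj == p or obj.startswith(p + "/"):
            return HIGH
    return LOW


@dataclass
class Process:
    name: str
    level: int = HIGH              # every process begins at level 2
    log: list = field(default_factory=list)

    def read(self, obj: str) -> int:
        """Low water-mark rule: reading lower-level data demotes the process.
        The mark only ever moves down, it is never restored."""
        src = level_of(obj)
        if src < self.level:
            self.log.append(f"{self.name}: read {obj} -> demoted to level {src}")
            self.level = src
        return self.level

    def write(self, obj: str) -> bool:
        """No write up: a process may only modify objects at or below its level."""
        allowed = self.level >= level_of(obj)
        verdict = "allowed" if allowed else "DENIED"
        self.log.append(f"{self.name}: write {obj} {verdict} (level {self.level})")
        return allowed


def compromised_bind_scenario() -> dict:
    """A root daemon that has handled network input can trash level-1 data
    but cannot reconfigure the system (comment 3's bind example)."""
    named = Process("named")
    named.read("network")                          # serving a query demotes it
    return {
        "level": named.level,
        "www": named.write("/var/www/index.html"),   # level 1: still allowed
        "etc": named.write("/etc/named.conf"),       # level 2: denied
    }


def admin_scenario() -> dict:
    """An admin shell that has only touched level-2 objects keeps level 2 and
    can still edit critical files, unlike a BSD immutable flag that blocks root too."""
    sh = Process("root-shell")
    sh.read("/etc/profile")
    return {"level": sh.level, "etc": sh.write("/etc/passwd")}


def trojan_scenario() -> dict:
    """A root shell that reads an untrusted (level-1) script is demoted before
    the script's payload gets a chance to write to /etc."""
    sh = Process("root-shell")
    sh.read("/home/alice/helpful_script.sh")     # level 1: water mark drops
    return {"level": sh.level, "etc": sh.write("/etc/rc.d/rc.local")}


if __name__ == "__main__":
    for scenario in (compromised_bind_scenario, admin_scenario, trojan_scenario):
        print(scenario.__name__, scenario())
```

Running the block prints the verdicts of all three scenarios; the interesting point is the difference between `admin_scenario` and `trojan_scenario`: both processes run as root, and the only thing that distinguishes them is whether they have already consumed level-1 data.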

  5. Lomac. by Matt2000 · Score: 3

    Protect your computer from outside forces, befriend LOMAC of the forest people. He will pound intruders with sticks and release hounds upon persons who would scan your ports.

    He shall call locusts to protect ftp, floods to guard against DoS and will conceal your serial ports with small bushes and shrubbery.

    It is LOMAC! Flee!

    He shall create small burrowing animals to scratch at the shins of Chinese hackers who would defile your graduate homepage. He will attach secret undersea creatures to the underside of your mouse to protect you against static charges. He will warn you when you sit weird and your leg might fall asleep.

    It is LOMAC! (Score:-1, Retarded).

    --

  6. Re:This is ok but... by Tim Fraser · Score: 3

    Hi!

    Thanks for your interest in LOMAC! LOMAC is my project, and I've talked quite a bit with Amon Ott, RSBAC's creator. We'll both be at the Kernel Security Extension BOF at the upcoming USENIX Annual Technical Conference this June.

    LOMAC and RSBAC have different goals. RSBAC's goal is to provide a general framework that can (simultaneously) support a wide variety of access control mechanisms. LOMAC's goal is to be compatible with existing Linux kernels and software. There's a tradeoff between functionality and compatibility: RSBAC provides general support, but requires a kernel patch. The LOMAC LKM supports only one access control mechanism, but it can be loaded into unmodified off-the-CD-ROM Linux kernels.

    I've talked to Amon Ott about porting LOMAC to RSBAC's framework. I'm hoping to do a demo-quality port this summer, if I can find the time.

    Also, LOMAC allows remote administration via SSH.

    - Tim Fraser, NAI Labs