Introduction to SELinux

  • 1. Security-Enhanced Linux, by Atul Jha aka koolhead17

  • 2. SELinux: What?

  • 3. Mandatory Access Control
      - Complements traditional Discretionary Access Control

  • 4. SELinux: Why?

  • 5. - Integrity (Type Enforcement)
      - Confidentiality (Multi Level Security)
      - Role Based Access Control

  • 6. SELinux: Where?

  • 7. Kernel:
      - Security server
      - Object manager
      - Access Vector Cache

  • 8. User space:
      - Coreutils
      - Policycoreutils
      - Checkpolicy

  • 9. SELinux-policy:
      - Configuration data
      - Rules that govern access

  • 10. Policy models and concepts

  • 11. SELinux identities or User based access control:
      - First field in security context tuple
      - SELinux identities: a way to map Linux logins to SELinux users
      - User based access control: mechanism to isolate SELinux users

  • 12. Role Based Access Control:
      - Second field in security context tuple
      - Mechanism that enables SELinux users to switch types

  • 13. Type Enforcement:
      - Third field in security context tuple
      - Processes and objects are assigned types
      - Policy governs how types can interact

  • 14. Multi Level Security or Multi Category Security:
      - Fourth field in security context tuple

  • 15. MLS:
      - Processes and objects are assigned security levels
      - Security level is a sensitivity and compartment(s)
      - s0: SystemLow
      - s15:c0.c1023: SystemHigh
      - 16 sensitivities
      - 1024 compartments
      - No read up and no write down

  • 16. MCS:
      - Alternative way to use MLS attribute
      - Only one sensitivity
      - 1024 categories
      - Semi-discretionary
      - MCS used in sVirt and Sandbox -X

  • 17. SELinux resources: http://www.selinuxproject.org/page/User_Resources
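The four-field security context and the MLS rule from the slides, as an added Python example that is not part of the original presentation. It assumes a single level per context (no low-high ranges) and applies the classic "no read up, no write down" check exactly as the slide states it; the function names and the sample contexts are constructed for illustration.

```python
# Added example (not from the slides): parse a security context and apply
# the MLS rule "no read up, no write down" to single levels.

def parse_level(level):
    """'s15:c0.c1023' -> (15, frozenset(range(1024))); 's0' -> (0, frozenset())."""
    sens, _, cats = level.partition(":")
    if not (sens.startswith("s") and sens[1:].isdigit()):
        raise ValueError(f"unsupported sensitivity: {sens!r}")
    members = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")   # 'c0.c3' is a range, 'c5' one compartment
        hi = hi or lo
        if not all(x[:1] == "c" and x[1:].isdigit() for x in (lo, hi)):
            raise ValueError(f"bad compartment: {part!r}")
        members.update(range(int(lo[1:]), int(hi[1:]) + 1))
    return int(sens[1:]), frozenset(members)

def parse_context(ctx):
    """Split user:role:type:level; only the level may itself contain ':'."""
    fields = ctx.split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"expected user:role:type:level, got {ctx!r}")
    user, role, type_, level = fields
    return {"user": user, "role": role, "type": type_, "level": parse_level(level)}

def dominates(a, b):
    """a dominates b: sensitivity at least as high and compartments a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def mls_allows(subject_ctx, object_ctx, access):
    subj = parse_context(subject_ctx)["level"]
    obj = parse_context(object_ctx)["level"]
    if access == "read":    # no read up: subject must dominate object
        return dominates(subj, obj)
    if access == "write":   # no write down: object must dominate subject
        return dominates(obj, subj)
    raise ValueError(f"unknown access: {access!r}")

if __name__ == "__main__":
    # Constructed sample contexts, not taken from a real system.
    proc = "user_u:user_r:user_t:s2:c1,c5"
    for obj in ("system_u:object_r:etc_t:s0",
                "system_u:object_r:etc_t:s3:c1,c5",
                "system_u:object_r:etc_t:s2:c9"):
        print(obj, {a: mls_allows(proc, obj, a) for a in ("read", "write")})
```

The third sample object shows the compartment part of the rule: at the same sensitivity, disjoint compartments make the two levels incomparable, so both read and write are refused.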