1 / 13

An overview of AppArmor

Doug Stanley 07/17/2010 An overview of AppArmor. An overview of AppArmor. Application Security System Mandatory Access Control Makes sure that applications behave as expected Can protect against zero day and unknown flaws. What is it?. Originally created by Immunix

erinpowell
Download Presentation

An overview of AppArmor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Doug Stanley07/17/2010 An overview of AppArmor An overview of AppArmor

  2. Application Security System Mandatory Access Control Makes sure that applications behave as expected Can protect against zero day and unknown flaws What is it?

  3. Originally created by Immunix Immunix acquired by Novell in 2005 In 2007, Novell laid off the AppArmor staff Currently seems to be maintained by the community Brief History

  4. Discretionary access control is not enough Hard to make applications 100% secure Define what "good" application behavior is. It's relatively easy to use Why AppArmor?

  5. Implemented as an LSM Protects individual applications More precisely, protects system from applications Profiles define appropriate behavior Uses Posix Capabilites So, how does it work?

  6. Automated tools for created profiles are available Profiles are human readable text files Path based restrictions Filesystem neutral Ability to "include" profiles in other profiles Allows for having both enforced and complain profiles Can also restrict network operations Tamperproof Some features of AppArmor

  7. Path based restrictions Too "easy"? Not truly complete mediation Only protects applications for which a profile exists Some drawbacks of AppArmor

  8. Path based vs Label based How they're integrated in the system Managed differently AppArmor vs SELinux

  9. Sample profile for tcpdump from the Ubuntu wiki [1]#include <tunables/global>/usr/sbin/tcpdump {#include <abstractions/base>#include <abstractions/nameservice>#include <abstractions/user-tmp>capability net_raw,capability setuid,capability setgid,capability dac_override,network raw,network packet, Anatomy of a profile

  10. # for -Dcapability sys_module,@{PROC}/bus/usb/ r,@{PROC}/bus/usb/** r,# for -F and -waudit deny @{HOME}/.* mrwkl,audit deny @{HOME}/.*/ rw,audit deny @{HOME}/.*/** mrwkl,audit deny @{HOME}/bin/ rw,audit deny @{HOME}/bin/** mrwkl,@{HOME}/ r,@{HOME}/** rw,/usr/sbin/tcpdump r,}For a complete list of capabilities, see [18] Anatomy of a profile continued

  11. Least Privilege Fail-Safe Defaults Complete Mediation For protected applications Defense in Depth Open Design Privilege Separation Psychological Accpetance Principles of Secure Design

  12. Psychologically acceptable Good balance of ease of use and security Not overly confusing Application developers can create profiles for users Effective Conclusion

  13. https://wiki.ubuntu.com/AppArmor http://en.wikipedia.org/wiki/AppArmor http://www.linux-magazine.com/Issues/2006/69/COUNTERPOINT http://developer.novell.com/wiki/index.php/Apparmor_FAQ http://www.novell.com/linux/security/apparmor/selinux_comparison.html http://developer.novell.com/wiki/index.php/Apparmor_FAQ https://help.ubuntu.com/9.10/serverguide/C/apparmor.html http://www.nuxified.org/blog/novells_comparison_of_apparmor_and_selinux https://apparmor.wiki.kernel.org/index.php/Documentation http://en.wikipedia.org/wiki/SELinux http://en.wikipedia.org/wiki/Linux_Security_Modules http://en.wikipedia.org/wiki/Immunix http://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-cowan.pdf http://www.linux-magazine.com/w3/issue/69/AppArmor_vs_SELinux.pdf http://www.ratliff.net/blog/2007/10/03/security-design-principles/ http://selinuxproject.org/page/FAQ http://manpages.ubuntu.com/manpages/karmic/en/man7/apparmor.7.html http://manpages.ubuntu.com/manpages/karmic/en/man7/capabilities.7.html References

More Related