* virtual SELinux appliances, automated test suites
From: coderman @ 2006-03-01 1:26 UTC
To: selinux

there have been some interesting discussions in the past here and
elsewhere related to combining virtual machines and SELinux enabled
operating system instances. (open source NetTop where virtual
instances also apply SELinux policy internally?) [1] [2] [3]

i'd like to know if anyone is aware of additional resources related to
this approach. i am using this method coupled with user centric two
factor authentication (right now token + pass phrase) to provide a
secure environment for various task/service oriented OS instances
(virtual appliances as VMware calls them when virtualized.[4]
currently these are dedicated instances launched from boot loader and
the virtualization piece is where my focus now resides)

the terra project looks promising but i cannot find any code or
implementation details aside from that presented in the paper. [5]

the various User Mode Linux images which support SELinux policy are
relevant though i would prefer a stronger xen/vmware isolation between
virtual instances. [6] [7]

the secure virtual file system uses xen to manage fs communication
used by virtual machines although it too lacks detail. if
code/implementation for this could be obtained and SELinux aware
instances executed under xen this might fit the bill nicely. [8]

the way in which we are using virtual appliances requires the OS
images be pre-populated with all necessary keys, configuration, and
application data. this places an emphasis on testing to ensure
mastered os instances / appliances function as desired standalone or
within a network. information related to automated regression
testing, learning modes for SELinux policy definition/refinement, and
other relevant resources would be greatly appreciated. there is
little information on these methods currently available that i was
able to find applied to SELinux although similar projects exist for
other targets. [9] [10]

best regards,

[1.] "Paranoid Penguin - The Future of Linux Security"
http://www.linuxjournal.com/node/8296/print
[2.] "xen 2.0 - adding selinux permissions"
http://www.nsa.gov/selinux/list-archive/0411/9642.cfm
[3.] "Re: XP as a base for NetTop"
http://www.nsa.gov/selinux/list-archive/0405/7222.cfm
[4.] "Community Virtual Appliances"
http://www.vmware.com/vmtn/appliances/community.html
[5.] "Terra: A Virtual Machine-Based Platform for Trusted Computing"
http://footstool.stanford.edu/~jchow/papers/sosp03/terra.pdf
[6.] "The ADIOS Project - Automated Download and Installation of
Operating Systems"
http://dc.qut.edu.au/adios/news.html
[7.] "Annotated HOWTO for creating an SELinux enabled UML system"
http://www.golden-gryphon.com/software/security/selinux-uml.xhtml
[8.] "SVFS: Secure Virtual File System"
http://www.eecs.umich.edu/~zhaoxin/svfs_intro.htm
[9.] "Systrace - Interactive Policy Generation for System Calls"
http://www.citi.umich.edu/u/provos/systrace/
[10.] "Using Test Suites to Validate the Linux Kernel"
http://linuxquality.sunsite.dk/articles/testsuites/
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: virtual SELinux appliances, automated test suites
From: coderman @ 2006-03-01 9:32 UTC
To: selinux
On 2/28/06, coderman <coderman@gmail.com> wrote:
> ...
> the way in which we are using virtual appliances requires the OS
> images be pre-populated with all necessary keys, configuration, and
> application data. this places an emphasis on testing to ensure
> mastered os instances / appliances function as desired standalone or
> within a network. information related to automated regression
> testing, learning modes for SELinux policy definition/refinement, and
> other relevant resources would be greatly appreciated.

it might be helpful to mention existing systems for policy generation
and testing, and OS/application testing with these policies.
comparisons and commentary regarding real world use, lessons learned,
etc. is solicited.

relevant conversations and details from the symposium would also be appreciated.

policy management/generation:
- reference policy (everyone knows about it; listed for completeness)
[ http://serefpolicy.sourceforge.net/api-docs/ ]
- setools, policycoreutils, audit2allow, audit2ref, apol
[ http://selinux.sourceforge.net/devel/userland.php3
http://www.tresys.com/selinux/selinux_policy_tools.shtml ]
- slat, polgen
[ http://www.mitre.org/tech/selinux/ ]
- selinux policy editor (and accompanying simplified policy language)
[ http://seedit.sourceforge.net/ ]
- selpec, sellog, selchk
[ http://www.selinux.hitachi-sk.co.jp/en/tool/selaid/selaid-top.html ]
- SLIDE (eclipse plugin, not useful standalone / console?)
[ http://selinux-ide.sourceforge.net/index.php ]
- CDS Framework IDE (no standalone/console mode?)
[ http://tresys.com/selinux/cds_framework.shtml ]
- SELinux Policy Server
[ http://tresys.com/selinux/selinux_policy_server.shtml ]
- conditional policy extension
[ http://tresys.com/files/docs/cond-readme.txt ]
- Lopol: A Deductive Database Approach to Policy Analysis and Rewriting
[ nothing public at this time? ]
- CIPSO / IPsec policy hooks / SELinux Protected Paths
[ nothing public at this time? ]
- SENG: An Enhanced Policy Language for SELinux
[ nothing public at this time? ]
OS/Application level testing / automation:
- Linux Test Project / selinux-testsuite
[ http://ltp.sourceforge.net/
limited mainly to testing selinux kernel capabilities? ]
- Towards Automated Authorization Policy Enforcement
[ nothing public at this time? ]
- Software Testing Automation Framework / STAX
[ http://staf.sourceforge.net/index.php ]
- Other test tools?
[ http://ltp.sourceforge.net/tooltable.php ]

regarding SELinux within or hosting virtual OS instances i am still
interested in any projects / experiences using the xen hypervisor
specifically: http://www.xensource.com/

best regards,
* Re: virtual SELinux appliances, automated test suites
From: Antoine Martin @ 2006-03-14 23:59 UTC
To: coderman; +Cc: selinux

On Tue, 2006-02-28 at 17:26 -0800, coderman wrote:
> there have been some interesting discussions in the past here and
> elsewhere related to combining virtual machines and SELinux enabled
> operating system instances. (open source NetTop where virtual
> instances also apply SELinux policy internally?) [1] [2] [3]

http://uml.nagafix.co.uk/SELinux/

> the various User Mode Linux images which support SELinux policy are
> relevant though i would prefer a stronger xen/vmware isolation between
> virtual instances. [6] [7]

What makes you think that the isolation with UML is weaker than
xen/vmware? Have you looked at skas0 (and skas3 without procmm)?
On the page above you can also find some policies for containing the UML
instance on the host using SELinux. (as well as running SELinux in the
guest)

Antoine