From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id p1MHsYWA009622 for ; Tue, 22 Feb 2011 12:54:34 -0500 Received: from c-sl428.itechfrontiers.net (localhost [127.0.0.1]) by msux-gh1-uea02.nsa.gov (8.12.10/8.12.10) with ESMTP id p1MHsXfg005105 for ; Tue, 22 Feb 2011 17:54:33 GMT Message-ID: <4D63F854.3030907@itechfrontiers.com> Date: Tue, 22 Feb 2011 12:54:28 -0500 From: "cto@itechfrontiers.com" MIME-Version: 1.0 To: Sanjai Narain CC: selinux@tycho.nsa.gov Subject: Re: SELinux and Stuxnet References: <0B31D28E10F4FA489A0261135B94A14804A4489F@XMB-AMS-109.cisco.com> <4D45E42A.80303@research.telcordia.com> <4D4604DB.3060402@itechfrontiers.com> <4D63EA14.2080701@itechfrontiers.com> <4D63F01E.70903@research.telcordia.com> <4D63F5A9.3000301@itechfrontiers.com> In-Reply-To: <4D63F5A9.3000301@itechfrontiers.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Need to add it myself, that human being is also error-prone, i.e. last message I meant "waives" and wrote "waves" such errors happen even in development, in software and in security On 2/22/2011 12:43 PM, cto@itechfrontiers.com wrote: Sanjai, Security is a complex business, I'm afraid that SELINUX is an attempt to simplify part of this job at least, The more secure you want to make a system the more complex naturally it becomes, however complexity is enemy of security by itself, There is somewhat a dilemma, a paradox in here, I'm afraid it cannot be oversimplified as regular users would become security experts or such simplification waves the need for security specialists Best, Patrick K. > > > On 2/22/2011 12:19 PM, Sanjai Narain wrote: >> Hi Patrick: Thanks for your note. I understand that SELinux does not >> directly apply to Stuxnet since it targeted Windows. However, my >> question was conceptually motivated: whether mandatory access control >> could have contained the impact of this worm, had it been available. I >> had thought that the answer is yes but wanted to find out from other >> experts. I believe you concur. Now, if only we could make SELinux a lot >> easier to use..... this is where one of my interests lie. -- Sanjai >> >> >> On 2/22/2011 11:53 AM, cto@itechfrontiers.com wrote: >>> On 1/30/2011 7:39 PM, cto@itechfrontiers.com wrote: >>>> Hello, >>>> >>>> Stuxnet is a Windows Worm, and SELinux is Mandatory Access Control for >>>> Linux >>>> >>>> on Linux SELinux can reduce the impact of such worms if targeting Linux >>>> boxes, but it is not a preemptive mechanism for not having any kind of >>>> compromise due to any vulnerability, Although if you protect your >>>> system >>>> and targeted processes you may have reach the goal of containing the >>>> impact of possible compromises >>>> >>>> >>>> Best, >>>> >>>> Patrick K. >>>> >>>> On 1/30/2011 5:20 PM, Sanjai Narain wrote: >>>>> Has there been thinking on whether SELinux-hardened machines can avoid >>>>> the spread of Stuxnet-like worms? Thanks. --Sanjai >>>>> >>>> >>>> >>>> -- >>>> This message was distributed to subscribers of the selinux mailing >>>> list. >>>> If you no longer wish to subscribe, send mail to >>>> majordomo@tycho.nsa.gov >>>> with >>>> the words "unsubscribe selinux" without quotes as the message. >>> >>> Sanjai, >>> >>> SELinux is Mandatory Access Control for Linux >>> >>> Stuxnet only compromises Windows, SCADA and PLC 7 systems (Siemens >>> systems) >>> >>> it is a worm, for a worm to compromise a system you need to have >>> certain vulnerabilities >>> >>> It cannot compromise Linux (the same way); as that worm has been >>> designed for particular purposes and taking advantages of Windows >>> vulnerabilities >>> >>> If you mean protecting a network using Linux front ends or inline >>> systems Like IPS systems that's another story which is irrelevant to >>> SELINUX actually (although an IPS system -Intrusion Prevention system- >>> on Linux can take advantages of SELINUX) >>> >>> in brief , theoretically in case of a worm for Linux, it could be >>> contained if SELINUX is effectively used. >>> >>> in practice Stuxnet is for Windows >>> >>> Best, >>> >>> Patrick K. >>> >>> > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov > with > the words "unsubscribe selinux" without quotes as the message. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.