From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v8LF35Lg012272
	for ; Thu, 21 Sep 2017 11:03:05 -0400
Received: by mail-qk0-f178.google.com with SMTP id b82so5924998qkc.4
	for ; Thu, 21 Sep 2017 07:26:53 -0700 (PDT)
Message-ID: <59C3CC27.7010102@quarksecurity.com>
Date: Thu, 21 Sep 2017 10:26:47 -0400
From: Joshua Brindle
MIME-Version: 1.0
To: masoom alam
CC: selinux@tycho.nsa.gov
References:
In-Reply-To:
Content-Type: text/plain; charset=UTF-8; format=flowed
Subject: Re: A casestudy where selinux has stopped malware attacks
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
List-Post:
List-Help:

masoom alam wrote:
> Hi everyone,
>
> Do we have something like the mentioned subject documented?
>
> Thank you.
>

Probably one of the better catalogued sets of malware stopped by SELinux, which shows various ways SELinux mitigated the attacks, is The Case For SEAndroid from Stephen Smalley:

https://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf