Friday, August 19, 2011

Multi-Level Security in SELinux

Keeping information of different security levels on the same computer system poses a real risk. Isolating the levels from one another is not straightforward, even when users log in with separate accounts that carry different permissions and access controls.

One solution is to purchase a dedicated system for each security level, but this is very expensive. A far cheaper alternative is to use the MLS feature of SELinux.

The term multi-level arises from the defense community's security classifications: Confidential, Secret, and Top Secret.

SELinux MLS implements the Bell-LaPadula (BLP) model to protect multi-level data.

Under such a system, users, computers, and networks carry labels that indicate their security levels. Data can flow between like levels, for example between "Secret" and "Secret", or from a lower level to a higher level. This means that users at the "Secret" level can share data with one another and can also retrieve information from Confidential-level (i.e., lower-level) users. However, data cannot flow from a higher level to a lower level. This prevents processes at the "Secret" level from viewing information classified as "Top Secret", and it prevents processes at a higher level from accidentally writing information to a lower level. This is referred to as the "no read up, no write down" model.
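The two BLP rules above, worked through on SELinux-style MLS labels, as an added example that is not part of the original post or of SELinux itself: it models the dominance check that "no read up, no write down" reduces to (higher-or-equal sensitivity plus a superset of categories), and the label syntax it parses (sN, sN:cA,cB, sN:cA.cB) is an assumed, simplified subset of SELinux's MLS field, not the policy engine's own constraint logic.

```python
"""Toy Bell-LaPadula decision model over SELinux-style MLS labels (added example).
Modelled label syntax, a simplified subset of SELinux's MLS field:
  "s1"  sensitivity only; "s2:c0,c3"  plus categories; "s2:c0.c3"  category range.
"""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    sensitivity: int       # s0 lowest ... s3 highest (Top Secret in the post's terms)
    categories: frozenset  # compartments; dominance needs a superset of them

    def dominates(self, other: "Level") -> bool:
        """Lattice order: sensitivity >= other's AND all of other's categories."""
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)

def parse_level(label: str) -> Level:
    """Parse 's2:c0.c3' / 's1:c0,c2' / 's0' into a Level; ranges are expanded."""
    m = re.fullmatch(r"s(\d+)(?::(.+))?", label.strip())
    if not m:
        raise ValueError(f"bad MLS label: {label!r}")
    cats = set()
    for part in filter(None, (m.group(2) or "").split(",")):
        r = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not r:
            raise ValueError(f"bad category spec: {part!r}")
        lo, hi = int(r.group(1)), int(r.group(2) or r.group(1))
        cats.update(range(lo, hi + 1))
    return Level(int(m.group(1)), frozenset(cats))

def may_read(subject: str, obj: str) -> bool:
    """Simple security property ("no read up"): the subject must dominate the object."""
    return parse_level(subject).dominates(parse_level(obj))

def may_write(subject: str, obj: str) -> bool:
    """*-property ("no write down"): the object must dominate the subject."""
    return parse_level(obj).dominates(parse_level(subject))

if __name__ == "__main__":
    # Constructed name mapping for the post's three levels.
    names = {"s1": "Confidential", "s2": "Secret", "s3": "Top Secret"}
    for subj in names:
        for obj in names:
            print(f"{names[subj]:<12} on {names[obj]:<12}"
                  f" read={may_read(subj, obj)!s:<5} write={may_write(subj, obj)}")
```

Running the script prints the nine subject/object combinations of the post's three levels; the category cases (a Secret subject without category c1 being refused a Secret object carrying c1) show why SELinux dominance is a lattice rather than a simple ordering.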