Ravi Shankar
Agenda
[Figure labels: Billing, Admit, Doctor, Nurse, Clerk]
Need: Easing Enterprise administration complexity
– Most IT infrastructure management difficult
3. System administrator creates a role for file system administration called fs_manager and assigns the same to bob. (can be done through the GUI, download to kernel)
[Figure labels: Create File system /usr/new; Assume role fs_manager; √ and X marks]
Trusted Execution
Configurable Policies
– Monitor all executions (& libraries) and loads of files in signature database
– Monitor only loads of kernel extensions
– Lock the signature database. Even root cannot write to database
– Disable trusted file opens for write
Trusted Execution
[Figure: Run Time Integrity Check and System Integrity Check. Labels: Executable/Module; Signature Database (install time population, entries can be added later); Certificates Database; Calculate Hash; Hash/Signature; Integrity Checker Tool; Policy Engine (Eg: Disallow loads on non-match); File; Memory; System Integrity Status]
Trojan Horse Detection
Signature database can be customized
– Add entries for custom software
– Customer’s private/certificate key pair used
/usr/bin/chuser:
    owner = root
    …..
    size =
    cert_tag =
    signature =
    hash_value =
    ….
[Figure labels: Build process; buildsecattr; Fileset.sec.S; Packaging process; Fileset.sec; Package; Install; instsecattr; Hash/Signature Database; RBAC databases; Other Security databases]
Feature availability | Needed a separate install option | Already installed and ready to use as part of the regular AIX install
ISV support to ship signatures | No | Yes
/etc/security/pwdalg.cfg
Traditional Security
Audit and Monitor Assurance
Strong Authentication and Identification Labeled Security Protection Profile
EAL 4+
Labeled Printing
Printing with Labels
Headers, footers per MLS specs
Label based printer controls
[Figure: Subject (process), DAC, Access, Object]
Such an access control is not sufficient for organizations which deal with sensitive data.
[Figure: Subject (process), MAC, DAC, Access, Object]
Classification: Secret
Compartments: admin, tech, mgt
Dominance: SL1 = Secret A B, SL2 = Public B
Equality: SL1 = Secret A B, SL2 = Secret A B
Disjoint: SL1 = Public A C, SL2 = Public B
[Figure: reads and writes between subject (HIGH SL), object (HIGH SL), subject (LOW SL) and object (LOW SL): read same, write same, read up, write up, read down, write down]
Dir Min SL <= File SL <= Dir Max SL
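The label relations (dominance, equality, disjoint) and the directory range rule from the slides above, worked through as an added example that is not from the original deck or from AIX. The `SL` class, the function names and the ordering Public < Secret are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: Public ranks below Secret. The slides name both levels but do
# not spell out the full ordering.
LEVELS = {"Public": 0, "Secret": 1}


@dataclass(frozen=True)
class SL:
    """Sensitivity label: one classification plus a set of compartments."""
    level: str
    compartments: frozenset

    @classmethod
    def of(cls, level, *compartments):
        return cls(level, frozenset(compartments))


def dominates(a, b):
    """a dominates b: a's level is at least b's and a holds every compartment of b."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments


def relation(sl1, sl2):
    """Classify a pair of labels using the three relations named on the slides."""
    if sl1 == sl2:
        return "equality"
    if dominates(sl1, sl2):
        return "SL1 dominates SL2"
    if dominates(sl2, sl1):
        return "SL2 dominates SL1"
    return "disjoint"  # neither label dominates the other


def file_sl_allowed(dir_min, file_sl, dir_max):
    """Directory range rule: Dir Min SL <= File SL <= Dir Max SL."""
    return dominates(file_sl, dir_min) and dominates(dir_max, file_sl)


if __name__ == "__main__":
    # The three label pairs shown on the slides.
    pairs = [
        (SL.of("Secret", "A", "B"), SL.of("Public", "B")),
        (SL.of("Secret", "A", "B"), SL.of("Secret", "A", "B")),
        (SL.of("Public", "A", "C"), SL.of("Public", "B")),
    ]
    for sl1, sl2 in pairs:
        print(sl1.level, sorted(sl1.compartments), "vs",
              sl2.level, sorted(sl2.compartments), "->", relation(sl1, sl2))
```

A higher classification alone does not give dominance: a Secret label with compartment A does not dominate a Public label with compartment B, so a file at the former label falls outside a directory whose minimum is the latter.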
33 © 2007 IBM Corporation
STG Technical Conferences
Partitioned Directories
Called pdir
Redirects users to subdirectories
Subdirectories at different ESLs
Process accesses only subdirectory with same SL as process
Therefore, all data in pdir subdirectory at same level
– Downgrade path avoided
Partitioned Directories …
[Figure: Directory (Min SL: U, Max SL: SEC) containing two hidden psdir subdirectories: one at SL: U holding FileA and FileB (SL: U), one at SL: SEC holding FileA and FileB (SL: SEC)]
[Figure: packet layout: IP Header, TCP Header / UDP Header, User Data; one part marked optional]
New Commands
pdset: Converts regular directory to partitioned directory and associated partitioned subdirectories
lstxattr: Displays the label and security flag attributes of files, processes, and IPC objects
settxattr: Changes the label and security flag attributes of files, processes, and IPC objects
Miscellaneous
Archival commands (backup and restore) will store and restore labels by default.
– New options provided to ignore labels by authorized users
SMIT interfaces
Policy Management
Resources
AIX 6.1 Links
– Open Beta: https://www14.software.ibm.com/iwm/web/cc/earlyprograms/ibm/aix6beta
– Docs: http://publib.boulder.ibm.com/infocenter/pseries/v6r1/index.jsp
– Security guide: http://publib.boulder.ibm.com/infocenter/pseries/v6r1/topic/com.ibm.aix.security/doc/security/security.pdf
– WPAR: http://publib.boulder.ibm.com/infocenter/pseries/v6r1/topic/com.ibm.aix.wpar/wpar-kickoff.htm
– Security Redbook http://www.redbooks.ibm.com/redpieces/abstracts/sg247430.html?Open
pSeries Security
– http://www.ibm.com/eserver/pseries/security
AIX online publications
– http://www.ibm.com/servers/aix
– Technical ‘Redbooks’ PDF/HTML available at http://www.redbooks.ibm.com
• SG24-5962-00 AIX 4.3 Elements of Security
• SG24-5971-00 Additional AIX Security Tools
• SG24-7463-00 AIX 5L Differences Guide Version 5.3 Edition
HMC Security:
– http://www.ibm.com/servers/eserver/pseries/hardware/whitepapers/hmc_security.pdf
IBM Security
– http://www.ibm.com/security
Security Information by email.
– https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs
IBM Security Response Alerts
– security-alert@austin.ibm.com
Resources
AIX LDAP integration : redbook
– http://www.redbooks.ibm.com/redpieces/pdfs/sg247165.pdf
AIX LDAP Configuration
– Server
• http://www-1.ibm.com/servers/aix/whitepapers/ldap_server.html
– Client
• http://www-1.ibm.com/servers/aix/whitepapers/ldap_client.pdf
AIX Virus Scan Software
– http://www-1.ibm.com/servers/eserver/pseries/security/feature/antivirus.html
SSH DeveloperWorks Articles
– http://www-106.ibm.com/developerworks/eserver/articles/openssh_aix.html
– http://www-106.ibm.com/developerworks/eserver/articles/openssh_updated.html
Service Update Management Assistant (SUMA): tool to monitor for security PTFs: http://www-03.ibm.com/servers/aix/whitepapers/suma.pdf
AIX user management using Kerberos server
– http://www-03.ibm.com/systems/p/library/wp_aix_lit.html
– http://www.ibm.com/servers/aix/whitepapers/aix_kerberos.pdf
– http://www.ibm.com/servers/aix/whitepapers/aix_kerberos2.pdf
NFS4 ACL: http://www.redbooks.ibm.com/redbooks/pdfs/sg246657.pdf
Questions ?