Linux gains embedded security framework
Aug 15, 2008 — by Eric Brown — from the LinuxDevices Archive
LWN.net has published an article on a new Linux access control mechanism called the Simplified Mandatory Access Control Kernel (Smack). Part of the mainline kernel since version 2.6.25, Smack is simpler and less resource-intensive than SELinux, especially for embedded developers, says the story.
“OLS: Smack for embedded devices,” written by Jake Edge, reviews a presentation about Smack given at the recent Ottawa Linux Symposium (OLS) by Smack developer Casey Schaufler. (His logo for Smack is pictured at top.)
Like SELinux, Smack is designed to harden the security of Linux systems via mandatory access control (MAC) policies. SELinux is an open source project maintained by the U.S. NSA (National Security Agency) that leverages MAC to confine the actions of any process, including a superuser process, within Linux. Linux distributions such as Red Hat Enterprise Linux and MontaVista Carrier Grade Edition have been configured with SELinux extensions.
So far, SELinux has ruled supreme, yet Smack appears to be gaining adherents among embedded developers. “Smack has the distinction of being the second user of the Linux Security Module (LSM) kernel interface to be merged into the mainline,” writes Edge. “This finally put to rest the idea that the LSM might some day be removed from the kernel, requiring all security solutions to be implemented in terms of SELinux.”
Smack differs from SELinux in that it requires MAC rules to be explicitly specified, rather than suggested implicitly in a set of policies, explains Edge. Smack labels entities as either being active “subjects” or passive “objects,” with a subject — typically a task — acting on an object, such as a file. Smack compares subject and object labels to see if they match. If they do not, it further consults a list of explicit access rules to see if access can be offered.
Furthermore, unlike with SELinux, objects “inherit the label of the subject that creates them,” so that an executable's label “is only relevant to determine whether the subject process is allowed to execute it,” he explains. “The process that gets created has the label of the subject that executed it, not the label associated with the executable file.” In his OLS presentation, Schaufler argued that this simplicity makes sense for single-purpose embedded devices that need only implement a limited set of functions. In such cases, it can reduce development time as well as the amount of RAM and flash required.
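The label comparison, rule lookup and label inheritance described above can be sketched as a small user-space model. This is an added illustration, not code from the Smack kernel source or from the LWN article; the labels (Sensor, Web, Log, Tools), the rule list and the function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Access bits named after the r, w, x, a letters used in Smack rules. */
enum { MAY_R = 1, MAY_W = 2, MAY_X = 4, MAY_A = 8 };

struct rule { const char *subject, *object; int access; };

/* Constructed rule list for a hypothetical single-purpose device. */
static const struct rule rules[] = {
    { "Sensor", "Log",   MAY_A },          /* sensor may only append to the log */
    { "Web",    "Log",   MAY_R },          /* web UI may only read the log      */
    { "Web",    "Tools", MAY_R | MAY_X },  /* web UI may run helper binaries    */
};

/* Returns 1 if a subject labeled subj may perform all of `want` on obj. */
int smack_model_access(const char *subj, const char *obj, int want)
{
    size_t i;

    if (strcmp(subj, obj) == 0)            /* step 1: matching labels, allowed */
        return 1;
    for (i = 0; i < sizeof rules / sizeof rules[0]; i++)  /* step 2: explicit rules */
        if (!strcmp(rules[i].subject, subj) && !strcmp(rules[i].object, obj))
            return (rules[i].access & want) == want;
    return 0;                              /* no explicit rule, denied */
}

/* A created object, or a process started by exec, carries the subject's label. */
const char *smack_model_new_label(const char *subject_label)
{
    return subject_label;
}

int main(void)
{
    /* A file created by a Sensor task is labeled Sensor, so the task can reopen it. */
    const char *file = smack_model_new_label("Sensor");
    printf("Sensor rw own file: %d\n", smack_model_access("Sensor", file, MAY_R | MAY_W));
    printf("Web read that file: %d\n", smack_model_access("Web", file, MAY_R));
    printf("Sensor append Log:  %d\n", smack_model_access("Sensor", "Log", MAY_A));
    printf("Sensor read Log:    %d\n", smack_model_access("Sensor", "Log", MAY_R));
    /* Web may execute a Tools binary; the resulting process is still labeled Web. */
    if (smack_model_access("Web", "Tools", MAY_X))
        printf("exec'd process label: %s\n", smack_model_new_label("Web"));
    return 0;
}
```

Because the executable's label only gates the exec itself, the helper started by the Web task is bound by the Web rules, not by any rule written for Tools.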
Developers are also working on trimming down SELinux “and its enormous policy file” for embedded development, explains Page, but he argues that Smack is still likely to be far simpler and more resource-efficient. “Clearly Smack is vastly simpler,” concludes Page. “Whether it has enough capabilities to provide the protection that embedded developers require remains to be seen.”
Availability
The LWN.net article by Page should be available here. A previous LWN.net article on Smack written last October by Jonathan Corbet may be found here. Schaufler's OLS paper on Smack may be found on this OLS proceedings page, hosted by the Fedora Project. Schaufler's Smack site may be found here.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc.