Mandatory Access Control with AppArmor

Mandatory Access Control (MAC) is a policy-based security framework that augments conventional security systems by providing an additional layer of protection. Unlike normal permissions, which revolve around performing functions on a filesystem, MAC deals with applications rather than files and directories. MAC doesn't replace existing permissions but supplements them. Since Linux Kernel 2.6, all the MAC versions are implemented over the Linux Security Module (LSM) framework. This article will focus on AppArmor [1], which has been around since 1998 and has been supported by Canonical since 2009.

One advantage of a policy-based model is that a policy cannot be changed by the user, unlike normal permissions, which can be changed if you have sufficient rights. Another added benefit is that it is applicable to all users, even those with superuser privileges.

AppArmor: A Beginner's Delight

Policy-based systems have a higher learning curve, but even the most basic MAC will bolster the system security. Many policy-based systems are so complex that users don't delve deeply enough to implement them effectively. One benefit of AppArmor is that it is comprehensive, yet simple enough to deploy with minimal investment of time and training.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • AppArmor

    After penetrating a remote system, intruders might think they are home and dry, but AppArmor spoils the fun, locking the miscreants in a virtual cage.

    more »
  • AppArmor

    When an attacker succeeds in infecting a victim’s system, the attacker inherits the victim’s privileges. App Armor beats the attack by reducing the potential victim’s privileges to a minimum.

    more »
  • AppArmor vs. SELinux

    Security Enhanced Linux or App Armor? Linux Magazine invited two well-known personalities from Red Hat and Novell to debate the merits of their security systems.

    more »
  • openSUSE Tumbleweed Ditches AppArmor for SELinux

    If you're an openSUSE Tumbleweed user, you can expect a major change to the distribution.

    more »
  • Novell Dismisses AppArmor Developer

    Two years after acquiring the company that developed AppArmor Novell has dismissed the developer behind the security technology.

    more »
comments powered by Disqus