Enterprises are looking to implement the strongest available security for their computer systems and networks while not compromising usability and accessibility. One of the strongest security tools available is SELinux, which is a mechanism for supporting access control security policies. SELinux, or Security-Enhanced Linux, operates at the kernel level of a Linux-based machine. In use, it can potentially label every object in a system for purposes of access control decisions, and can conceptually elevate the system to a more sophisticated security infrastructure. SELinux allows administrators to implement all of the main security paradigms in terms of access control theory. Similar to SELinux, AppArmor also provides kernel-level security features and customizable access-control policies.
To implement SELinux policies, enterprises may connect to a Linux machine, write a policy for the machine, and then compile and load the policy for implementation by the Linux kernel. This is a difficult, time-consuming, and complex process. Moreover, the SELinux policy syntax and audit logs can be difficult to understand. Often, these types of information require parsing tools to interpret and utilize. These problems are compounded if an enterprise has many different SELinux policies to implement concurrently. Consequently, even organizations that have the capability of utilizing SELinux often disable it because of its difficulties.
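To make the point about audit logs concrete, the following added example (not part of the original document) parses raw AVC denial records and merges them into candidate allow rules, similar in spirit to the output of the audit2allow tool. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit records (illustrative, not from the original page).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.123:456): avc:  denied  { read open } for  pid=1234 comm="httpd" path="/srv/app/config.yml" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.001:457): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/srv/app/config.yml" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000001.001:457): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000002.500:458): avc:  denied  { name_connect } for  pid=1300 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000003.000:459): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Matches AVC denial records only; 'granted' records and other audit types are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_denials(log_text):
    """Extract one dict per AVC denial line."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        source, target = selinux_type(m["scon"]), selinux_type(m["tcon"])
        if source is None or target is None:
            continue
        denials.append({
            "source": source, "target": target, "tclass": m["tclass"],
            "perms": set(m["perms"].split()),
            # permissive=1: logged but not blocked. Assumption: a missing field means blocked.
            "blocked": m["permissive"] != "1",
        })
    return denials

def candidate_rules(denials):
    """Merge denials per (source, target, class) into allow-rule candidates for review."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source"], d["target"], d["tclass"])] |= d["perms"]
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(grouped.items())]
```

Calling `candidate_rules(parse_denials(SAMPLE_LOG))` reduces the five raw records to two rule candidates. Each candidate still has to be reviewed against the intended policy before it is compiled and loaded, because a denial may reflect a mislabeled file or unwanted behavior and not a missing rule.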
Moreover, for organizations that do attempt to enable SELinux, its complexity and time-consuming nature make implementations imperfect and inefficient. Enterprises may spend considerable time and effort implementing SELinux, only to end up with considerable wasted time and significant security vulnerabilities. Even for these organizations, therefore, it is difficult to achieve the security advantages of SELinux.
Accordingly, there is a need for technological solutions for improving the security and usability of SELinux and other security-enhanced operating system tools (e.g., AppArmor). Such tools should be customizable, efficient, and enable enterprises to achieve the security benefits that SELinux, AppArmor, and other security-enhanced operating system tools have the promise of offering. Moreover, such tools should be able to operate in modern computing environments involving virtualized processing and distributed architectures.