MILS, MSL, MLS: Figuring Out All Those Secure Acronyms

Aug. 28, 2008
Few embedded designs are isolated these days. Still, most users and quite a few developers only think of names and passwords when it comes to security. Yet there’s much more, and it really needs to be incorporated throughout the design process

Few embedded designs are isolated these days. Still, most users and quite a few developers only think of names and passwords when it comes to security. Yet there’s much more, and it really needs to be incorporated throughout the design process. It also means you need to grok security.

I thought I did until I had to complete a more complex installation of multiple Security Enhanced Linux (SELinux) systems running as virtual machines (VMs) on a Xen server. I was using CENTOS, a free version of Red Hat Linux. SELinux is enabled by default, and sticking with the standard packages resulted in a secure system that worked just fine until I started moving away from the conventional configurations.

I had to learn security debugging techniques to figure out what I was doing wrong. Searching the Web helped. Fixing the problem then was trivial. In my case, I was lucky enough to have someone else do the base design.

SO WHAT IS MLS? SELinux implements the Flask security architecture, which supports a number of access control policies including type enforcement, role-based access control, and multilevel security (MLS). MLS permits higher-level access to less sensitive information.

SELinux removes one of the major problems with Linux, the root super user account. With SELinux and similar systems, user accounts should only get the access they need. This means developers have to understand what access is needed and what isn’t. Too little access and things don’t work, as in my case. Too much and an undesired breach of security can result.

My problem was an issue of role-based access control and policies that were in place with respect to the storage and VM images. SELinux tracks not only the files and directories involved but also the hard-disk volumes containing them. By default, Xen images cannot be stored on newly added hard disks or virtual volumes. I was using the Linux Logical Volume Manager (LVM) as well. Set the proper security contexts and everything works and is bundled up tight.

So is SELinux the ultimate? Of course not. Red Hat’s Enterprise Linux with SELinux meets Common Criteria Evaluation Assurance Level (EAL) 4. The highest rating is EAL 7, and you need to move to operating systems like Green Hills’ Integrity or Lynuxworks’ LynxOS. Meeting these security levels is a combination of validation and features. Validation is time-consuming and costly, though, which is why few platforms receive EAL 7 certification.

SEPARATION KERNELS The MILS (multiple independent levels of security) architecture addresses domain separation. It’s simpler than MLS and often sufficient for many applications.

Multiple single-level (MSL) separation kernels like Integrity with Padded Cell support and Lynuxworks’ LynxSecure take advantage of VM hardware that is becoming more common. Standard on most 64-bit architectures, it allows operating systems or standalone applications to run on a single machine so one VM can’t corrupt another.

The main difference between products like Integrity and LynxSecure and other VM products like Microsoft’s Hyper-V, VMware, and Xen is the size and complexity of the hypervisor that controls the VM hardware and system. In this case, smaller is better and also easier to verify, which is why LynxSecure and Integrity are utilized in highly secure applications.

MLS systems like SELinux are often found on servers and workstations and in higher-end embedded systems, but they will be found in lighter-weight platforms as well—even cell phones. MontaVista’s Mobilinux implements uSELinux basics, providing security and foregoing the higher-end facilities that are invaluable on servers but not on embedded platforms.

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!