Description

A secure application should do what it is supposed to do, and nothing else. It is the surprising "something else" behaviors in software that become vulnerabilities that attackers exploit to compromise systems. AppArmor is a security system that confines applications to do only what they are supposed to do, including facilities to easily generate security policies for applications. AppArmor is GPL software, a standard feature of SUSE Linux, and ports are available for Ubuntu, Gentoo, Slackware, and Red Hat Linux.

In this course you will learn how to use AppArmor to secure both individual applications and entire systems. Students will be given a VMware Linux image with AppArmor pre-installed to exercise with. We begin with a basic demonstration, where I will show building a security profile for Apache in a few minutes. We then as a group build a profile for another application.

Security is the business of saying "no" sometimes, and therefore always imposes a degree of inconvenience. With perfection comes security and convenience as software "just works" and only does correct things, but there is a supply problem with perfect software :) AppArmor approximates correctness by describing roughly what the application should be permitted to do, and asks you questions about how you want your security profiles to behave. You can turn the knob either way: towards very tight security policy that is more secure, or towards looser security policy that may relax security to provide more convenience. We will study in depth how best to answer these questions, depending on your usage scenarios.

To protect an entire system, you must address every avenue of attack. We will learn how to use AppArmor to protect the system from:

  • Network attacks against servers

  • Content attacks against desktops

  • Keyboard and mouse attacks against kiosks

We will examine how to use AppArmor to confine users as well as applications. You can use this technique to confine both normal and root users to execute only the commands you permit, operating on only the files you want. You can thus even provide for a root-privileged system administrator who can only perform tasks relevant to their role.

Finally we will examine the resulting security of these measures. Some of the applications provided on the VMware Linux image have vulnerabilities, and we will attack these vulnerabilities and observe what happens. In the ultimate end game, we will look at what can and cannot be done from within a root privileged shell confined by AppArmor.

Prerequisites

  • basic command line proficiency on Linux systems

  • basic Linux/*NIX system administration skills

  • basic familiarity with shell wildcards: *, [], and {}

If you know bash, chmod, and grep, then you are ready. Knowing an editor such as vi will help, but is not necessary.

Prerequisite material

You need to bring your own laptop with these capabilities:

  • A copy of VMware Workstation, VMware Server, or VMware Player installed and working.

    • Available for free download here http://www.vmware.com/download/

    • Please install it ahead of time, so we do not have to spend class time debugging VMware issues.

  • 5 GB of free disk space to install the Linux image we will use.

  • Ability to dedicate 256MB of RAM to the VMware guest.

    • If you have 512MB of RAM, you will suffer poor performance.

  • An SSH client installed on your host, so that you can connect to your guest.

Additionally, if you have SUSE, Ubuntu, Gentoo, Slackware, or Red Hat installed on your laptop, you may wish to experiment with AppArmor on your host OS. However, compatibility issues may prevent this from working on the day of the class, and breaking your computer is your problem. That's why we primarily work on VMware :)

Crispin Cowan
