Design and Development of Mandatory Integrity Control in Astra Linux OS
https://doi.org/10.15514/ISPRAS-2025-37(2)-5
Abstract
Mandatory integrity control (MIC) is the security foundation of the Astra Linux operating system (OS), which is certified for the highest protection classes and trust levels. Together with other mechanisms, including a closed software environment, MIC protects privileged OS processes, the integrity of executable and configuration system files and OS directories, and user data. MIC is intended to protect against malware (for example, ransomware) and against the exploitation of many typical vulnerabilities in Linux-family software, including those that give an adversary superuser (root) rights. The scientific basis for the implementation of MIC in Astra Linux is the mandatory entity-role model of access and information-flow control for Linux-family OS (MROSL DP-model), which meets the criteria of GOST R 59453.1-2021. At the same time, implementing MIC on top of the standard discretionary access control of a Linux-family OS presents significant difficulties and often requires developing technologies and scenarios for the coordinated use of system and application software. The authors therefore conduct research on the design, development and effective use of MIC; this article presents several of its results. First, modifications of the MROSL DP-model for the theoretical description of MIC, including new features introduced for it. Second, adaptation of container virtualization to MIC: potentially "dangerous" software (for example, browsers) is launched in sandbox containers (for example, Docker) at isolated intermediate integrity levels (in sessions of the system administrator, who has the maximum integrity level) or at negative integrity levels (in sessions of an unprivileged user, who has the zero integrity level).
Third, technologies and scenarios for launching application software directly at intermediate or negative integrity levels, with the corresponding configuration of the desktop menu of the system administrator or of the unprivileged user, respectively. Fourth, a MIC configuration utility that sets integrity levels or special flags on files and directories based on the rules of AppArmor LSM profiles.
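Added example, not code from the paper or from Astra Linux: a small Python tool that extracts the file rules of an AppArmor profile (the input the fourth contribution above works from) and checks which of the objects a sandboxed browser is allowed to write would be refused by MIC when the browser runs at the negative integrity level the abstract assigns to such software. Integer integrity levels, the no-write-up rule, the profile text, the labels and the home directory /home/user are assumptions made for illustration; the OS's own label encoding and configuration utility are not reproduced.

```python
"""Derive a mandatory-integrity (MIC) labelling check from an AppArmor profile.

Added example, not the Astra Linux configuration utility described in the paper.
Assumed (illustrative) semantics, not the OS's own: integrity levels are
integers (negative for sandboxes, 0 for the unprivileged user, higher for the
administrator) and a process may modify an object only if the object's level
is not above its own (no write-up). Profile text and labels are constructed.
"""
import re
from dataclasses import dataclass

# AppArmor file rule: [audit] [deny] [owner] [file] PATH PERMS,
RULE_RE = re.compile(
    r"^(?P<quals>(?:(?:audit|deny|owner)\s+)*)(?:file\s+)?"
    r'(?P<path>"[^"]+"|[/@][^\s,]*)\s+(?P<perms>[rwalkmixpucPUC]+)\s*,$'
)
WRITE_PERMS = set("walk")  # write, append, lock, link: each modifies the object


@dataclass(frozen=True)
class FileRule:
    path: str    # AppArmor path glob, variables such as @{HOME} left unexpanded
    perms: str   # permission string as written, e.g. "rwk" or "mr"
    deny: bool
    owner: bool


def parse_profile(text: str) -> list[FileRule]:
    """Return the file rules of a profile; headers, capability/network rules,
    include lines and comments are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops comments and #include lines
        m = RULE_RE.match(line)
        if m:
            quals = m.group("quals").split()
            rules.append(FileRule(m.group("path").strip('"'), m.group("perms"),
                                  "deny" in quals, "owner" in quals))
    return rules


def writable_globs(rules: list[FileRule]) -> list[str]:
    """Path globs the confined program is allowed to modify (deny rules excluded)."""
    return sorted({r.path for r in rules if not r.deny and WRITE_PERMS & set(r.perms)})


def glob_to_regex(glob: str, home: str) -> re.Pattern:
    """Translate an AppArmor path glob: '**' spans '/', '*' and '?' do not.
    Alternation such as {a,b} is not handled here."""
    glob = glob.replace("@{HOME}", home)
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif glob[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile("^" + out + "$")


def check_labels(rules: list[FileRule], process_level: int,
                 labels: dict[str, int], home: str = "/home/user") -> dict[str, str]:
    """Decide, per labelled object, whether the confined process can modify it.

    ok      : a write rule matches and the label does not exceed process_level
    blocked : a write rule matches but the object carries a higher integrity
              level, so MIC refuses the write even though AppArmor allows it;
              the object must be relabelled or the access is a policy violation
    no-rule : the profile grants no write access, so MIC is never consulted
    """
    patterns = [glob_to_regex(g, home) for g in writable_globs(rules)]
    verdicts = {}
    for path, level in labels.items():
        if not any(p.match(path) for p in patterns):
            verdicts[path] = "no-rule"
        elif level > process_level:
            verdicts[path] = "blocked"
        else:
            verdicts[path] = "ok"
    return verdicts


# Constructed profile fragment for a browser, not a real Astra or upstream profile.
SAMPLE_PROFILE = """\
abi <abi/3.0>,
#include <tunables/global>
/usr/bin/browser flags=(attach_disconnected) {
  #include <abstractions/base>
  capability sys_admin,
  network inet stream,
  /usr/bin/browser mr,
  /etc/** r,
  deny /etc/shadow r,
  owner @{HOME}/.config/browser/** rwk,
  owner @{HOME}/Downloads/** rw,
  /tmp/** rw,
  deny @{HOME}/.ssh/** rw,
}
"""

# Constructed integrity labels: -1 = sandbox level, 0 = user session, 1 = administrator.
SAMPLE_LABELS = {
    "/home/user/.config/browser/prefs.js": -1,
    "/home/user/Downloads/report.pdf": 0,
    "/tmp/cache.bin": -1,
    "/etc/hosts": 1,
    "/home/user/.ssh/id_ed25519": 0,
}

if __name__ == "__main__":
    rules = parse_profile(SAMPLE_PROFILE)
    # Browser launched at the negative (sandbox) level, as in the paper's scenario.
    for path, verdict in check_labels(rules, -1, SAMPLE_LABELS).items():
        print(f"{verdict:8} {path}")
```

Running the script shows the practical consequence of the negative-level scenario: the browser's own configuration and temporary files, labelled at the sandbox level, are writable, while a file in Downloads that still carries the user's zero level is refused even though AppArmor permits the write. Either that path is relabelled to the sandbox level or the program has to be launched at a higher level; the SSH key is untouched regardless of labels because the profile denies it, and /etc/hosts never reaches MIC because the profile grants only read access.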
About the Authors
Petr Nikolaevich DEVYANIN
Russian Federation
Dr. Sci. (Tech.), corresponding member of the Russian Academy of Cryptography, professor, scientific director at RusBITech-Astra (Astra Linux). Fields of interest: information security theory, formal security models of computer systems, secure software development, operating systems of the Linux family.
Alexey Alexandrovich STAROSTIN
Russian Federation
Senior engineer at RusBITech-Astra (Astra Linux). Fields of interest: formal security models of computer systems, artificial intelligence, operating systems of the Linux family.
Denis Sergeevich PANOV
Russian Federation
Engineer at RusBITech-Astra (Astra Linux). Fields of interest: formal security models of computer systems, operating systems of the Linux family, secure software development.
Semen Vladimirovich USACHEV
Russian Federation
Developer at Yandex. Fields of interest: secure software development, operating systems of the Linux family, backend development, compiler theory, formal languages and grammars.
References
1. GOST R 59453.1-2021 "Information protection. Formal access control model. Part 1. General principles". Moscow: Standartinform, 2021, 16 p. (in Russian).
2. Bishop M. Computer Security: Art and Science, 2nd edition. Pearson Education Inc., 2018, 1440 p.
3. Devyanin P.N. Security models of computer systems. Control for access and information flows. Textbook for universities, 3rd edition, revised and enlarged. Moscow: Hotline-Telecom, 2020, 352 p. (in Russian).
4. Bell D.E., LaPadula L.J. Secure Computer Systems: Unified Exposition and Multics Interpretation. Bedford, Mass.: MITRE Corp., 1976. MTR-2997 Rev. 1.
5. GOST R 53113.1-2008 "Information technology. Protection of information technologies and automated systems against security threats posed by use of covert channels. Part 1. General principles". Moscow: Standartinform, 2008, 12 p. (in Russian).
6. Sandhu R. Role-Based Access Control. Advances in Computers, Academic Press, 1998, Vol. 46.
7. Biba K.J. Integrity Considerations for Secure Computer Systems. Bedford, Mass.: MITRE Corp., 1975. MTR-3153.
8. Conover M. Analysis of the Windows Vista security model. Technical Report, Symantec Corp., 2008, 18 p.
9. Astra Linux Special Edition special-purpose operating system. Available at: https://astragroup.ru/software-services/os/, accessed 16.10.2024.
10. Devyanin P.N., Telezhnikov V.Y., Tret'yakov S.V. Astra Linux Special Edition security basics. Access control. Textbook. Moscow: Hotline-Telecom, 2022, 148 p. (in Russian).
11. Devyanin P.N., Leonova M.A. The techniques of formalization of OS Astra Linux Special Edition access control model using Event-B formal method for verification using Rodin and ProB. Prikladnaya Diskretnaya Matematika, 2021, no. 52, pp. 83-96 (in Russian).
12. GOST R 59453.2-2021 "Information protection. Formal access control model. Part 2. Recommendations on verification of formal access control model". Moscow: Standartinform, 2021, 12 p. (in Russian).
13. Devyanin P.N. The results of reworking the levels of role-based access control and mandatory integrity control of the formal model of access control in Astra Linux. Trudy ISP RAN/Proc. ISP RAS, vol. 35, issue 5, 2023, pp. 7-22 (in Russian).
14. Devyanin P.N. On the development of the draft national standard GOST R "Information protection. Formal access control model. Part 3. Recommendations on development". Trudy ISP RAN/Proc. ISP RAS, vol. 36, issue 3, 2024, pp. 63-82 (in Russian).
15. Wan Z., Lo D., Xia X., Cai L. Practical and effective sandboxing for Linux containers. Empirical Software Engineering, 2019, Vol. 24, pp. 4034-4070.
16. Lopes N., Martins R., Correia M.E., Serrano S., Nunes F. Container Hardening Through Automated Seccomp Profiling. In Proceedings of the 2020 6th International Workshop on Container Technologies and Container Clouds, 2020, pp. 31-36.
17. Kabbe J.-A. Security analysis of Docker containers in a production environment. Norwegian University of Science and Technology, 2017, 91 p.
18. Li N. Usable Mandatory Integrity Protection for Operating Systems. In Proc. of the IEEE Symposium on Security and Privacy, 2007, pp. 164-178.
19. Mandatory Integrity Control. Available at: https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control, accessed 16.10.2024.
20. Chen H., Li N., Mao Z. Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. In Proc. of the Network and Distributed System Security Symposium, 2009, 16 p.
21. AppArmor Core Policy Reference. Available at: https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference, accessed 21.10.2024.
22. Devyanin P.N., Khoroshilov A.V., Telezhnikov V.Y. Building a methodology for secure system software development on the example of operating systems. Trudy ISP RAN/Proc. ISP RAS, vol. 33, issue 5, 2021, pp. 25-40 (in Russian).
For citations:
DEVYANIN P.N., STAROSTIN A.A., PANOV D.S., USACHEV S.V. Design and Development of Mandatory Integrity Control in Astra Linux OS. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2025;37(2):61-78. (In Russ.) https://doi.org/10.15514/ISPRAS-2025-37(2)-5