Posts tagged Linux
Introduction to the Linux Virtual Filesystem (VFS): A High-Level Tour

Let’s begin with a simple question: How are files accessed, and what steps are involved?

We can all agree that data access has become ingrained in daily life. However, we give little thought to where that data lives or to what happens before we see it. This is an intentional abstraction meant to limit the knowledge needed to perform most data-related tasks. The Linux form of this abstraction is the Virtual Filesystem, or VFS for short. The VFS is the kernel layer between a user process and the filesystem that backs a file; it hides the filesystem's implementation details behind generic calls such as `open()`, `read()`, and `write()`.
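As an added example (not code from the original post), the following C program reads a regular file and a procfs file through the same open()/read()/close() sequence and then asks fstatfs(2) which filesystem the VFS dispatched those calls to. The caller never names a filesystem; the f_type value is the only place the backing implementation shows through. The /tmp path, the sample string and the vfs_demo_* names are constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/magic.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/vfs.h>
#include <unistd.h>

/* Read up to len-1 bytes from path using only the generic VFS entry points and
 * report the backing filesystem's magic number via fstatfs(2). The same code
 * path serves a disk filesystem, tmpfs, overlayfs or procfs: the VFS routes
 * each call to the right implementation. Returns bytes read, or -1 on error. */
static long read_via_vfs(const char *path, char *buf, size_t len, long *fs_magic)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    struct statfs sfs;
    if (fstatfs(fd, &sfs) != 0) {
        close(fd);
        return -1;
    }
    *fs_magic = (long)sfs.f_type;
    size_t total = 0;
    while (total < len - 1) {
        ssize_t n = read(fd, buf + total, len - 1 - total);
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;                 /* EOF */
        total += (size_t)n;
    }
    buf[total] = '\0';
    close(fd);
    return (long)total;
}

/* procfs has no storage behind it, yet the identical call sequence reads it.
 * Returns 1 when /proc/self/status reads non-empty and f_type is PROC_SUPER_MAGIC. */
int vfs_demo_proc_is_procfs(void)
{
    char buf[4096];
    long magic = 0;
    long n = read_via_vfs("/proc/self/status", buf, sizeof buf, &magic);
    return n > 0 && magic == PROC_SUPER_MAGIC;
}

/* Write a constructed string to a temporary file with write(2), read it back
 * through the helper above, and confirm the bytes match and that the file sits
 * on some filesystem other than procfs. Returns 1 on success. */
int vfs_demo_tmpfile_roundtrip(void)
{
    static const char payload[] = "hello from the VFS\n";   /* constructed sample data */
    char path[] = "/tmp/vfs-demo-XXXXXX";                    /* assumed writable location */
    int fd = mkstemp(path);
    if (fd < 0)
        return 0;
    ssize_t w = write(fd, payload, sizeof payload - 1);
    close(fd);
    char buf[64];
    long magic = 0;
    long n = read_via_vfs(path, buf, sizeof buf, &magic);
    unlink(path);
    return w == (ssize_t)(sizeof payload - 1) && n == w &&
           strcmp(buf, payload) == 0 && magic != PROC_SUPER_MAGIC;
}

int main(void)
{
    char buf[128];
    long magic = 0;
    if (read_via_vfs("/proc/self/status", buf, sizeof buf, &magic) > 0)
        printf("/proc/self/status: f_type=0x%lx (PROC_SUPER_MAGIC is 0x%lx)\n",
               magic, (long)PROC_SUPER_MAGIC);
    printf("tmpfile round trip: %s\n", vfs_demo_tmpfile_roundtrip() ? "ok" : "failed");
    return 0;
}
```

Run it on a Linux host; the f_type printed for /tmp will be whatever backs that directory (tmpfs, ext4, overlayfs), while the read loop itself is unchanged.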

The Linux Security Hardening Checklist for Embedded Systems

There is no silver bullet for security, and, more importantly, there is no single source of truth for which security options are available, what they do, what impact they have, or how they work together.

In this post, we enumerate the security mechanisms that can be deployed on an embedded system running Linux to protect it from common software attacks. Security is traditionally framed by the CIA triad of confidentiality, integrity, and availability; this post focuses primarily on the principles and enforcement of integrity.

The Most Secure Linux for Embedded Systems – Hint, It’s Not Enterprise Linux

Don’t get upset.

We fully acknowledge that the hard-working people behind enterprise Linux distributions want to help their customers build secure systems, and that they continually work to improve the security posture of their distributions.

However, there are two major areas where these developers run up against a nearly insurmountable wall.

First, they use a different threat model. An enterprise Linux distribution is designed for datacenter and cloud deployments, whereas embedded and cyber-physical systems face a wider array of threats, including attackers with physical access to the device.

Second…

Protecting Linux-Based Systems from Russian Cyber-Espionage Malware, Drovorub

On August 13, 2020, the National Security Agency and the Federal Bureau of Investigation released a cybersecurity advisory warning anyone deploying or maintaining a Linux system about a new Russian cyber-espionage toolset, now observed worldwide, named Drovorub. Of course, this isn't the first time a government-sponsored cyber threat has found its way into the wild. What makes it newsworthy is not its origin, novelty, or effectiveness, but that it can be prevented entirely.

Application Whitelisting for Linux

Protecting endpoints is hard. Understatement of the millennium, right?

Protecting unmanaged endpoints is even harder. Doubtful that surprises anyone.

Protecting mission-critical, unmanaged endpoints? Well, saying it's impossible is a stretch, but superlatives are warranted.

One of the most common goals in system security is maintaining system integrity. Knowing what is running (or can run) on the deployed system is critical, especially in embedded and unmanaged use cases.

Enterprise and managed endpoints are not immune to these concerns either.

The countless servers and devices that drive the modern world and economy require the same assurances; the difference is that the enterprise world usually has more infrastructure and connectivity with which to achieve them.

If we roll back the clocks to early 2018, maintaining system integrity was already a…

Linux Security Modules (LSMs) vs Secure Computing Mode (seccomp)

You are a security-conscious systems engineer using a Linux-based operating system for your project. You have already taken a tour of Linux Security Modules (LSMs) and know how you might use them to increase the security of your system.

However, you may have also heard about Linux’s Secure Computing (seccomp) facilities. You may wonder how LSMs and seccomp compare to one another, why you cannot implement the features of seccomp as an LSM, and when you should use each. This post aims to provide some answers.

Both seccomp and LSMs have the kernel constrain how a process interacts with the system, but they do so in different ways. Secure Computing Mode (seccomp) limits which system calls a process may make, deciding on the syscall number and its raw arguments before the call runs. LSMs, in contrast, mediate access to objects inside the kernel (files, sockets, IPC, other tasks) at hook points in the code paths that touch those objects, regardless of which system call led there.
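To make the distinction concrete, here is an added example (not from the original post) of a seccomp-bpf filter written directly against the prctl(2) interface, without libseccomp: it denies socket(2) with EPERM and allows every other call. Notice what the filter can and cannot see: it matches on architecture and syscall number (and could match on argument registers), but it has no way to ask which socket or file object is being touched; that per-object decision is what LSM hooks provide. The filter is installed in a forked child because a seccomp filter cannot be removed once installed. The function names are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS       /* older uapi headers only define KILL (thread) */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Install a seccomp-bpf filter: socket(2) fails with EPERM, everything else is
 * allowed. The program only ever sees struct seccomp_data (arch, nr, args);
 * it has no notion of the kernel object behind a syscall. Returns 0 on success. */
static int install_no_socket_filter(void)
{
    struct sock_filter filter[] = {
        /* Check the ABI first: syscall numbers differ between ABIs, so a filter
         * written for x86_64 must not be evaluated for an x32 or i386 caller. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number and compare it with socket(2). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]),
        .filter = filter,
    };
    /* Without CAP_SYS_ADMIN the kernel requires no_new_privs, so a filter cannot
     * be used to confuse a later setuid execve(). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a child that installs the filter and then tries socket(2). A filter
 * applies to the installing thread and its descendants and cannot be dropped,
 * so it is applied in a child rather than in the caller. Returns 1 if socket()
 * was denied with EPERM while getpid() still worked, 0 if the filter did not
 * behave as expected, -1 if the child could not be set up. */
int seccomp_denies_socket(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_no_socket_filter() != 0)
            _exit(2);
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        int denied = (fd < 0 && errno == EPERM);
        if (getpid() <= 0)             /* an unrelated syscall must still succeed */
            denied = 0;
        _exit(denied ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    if (WEXITSTATUS(status) == 1) return 0;
    return -1;
}

int main(void)
{
    int r = seccomp_denies_socket();
    printf("socket(2) under the filter: %s\n",
           r == 1 ? "denied with EPERM" : r == 0 ? "NOT denied" : "filter could not be installed");
    return r == 1 ? 0 : 1;
}
```

SECCOMP_RET_ERRNO is used instead of a kill action so the child can report what happened; in production a kill action is often the safer default, since a process that keeps running after a forbidden syscall is still in an unexpected state.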

KASAN: What is it? How does it work? And what are the strange numbers at the end?

Achieving memory safety is hard. Code is written by humans, and humans make mistakes. Add pointer arithmetic and strict aliasing, and the situation only becomes more complex. ZDNet recently posted an article stating that 70 percent of all (Microsoft) security bugs are memory safety issues, and I would guess that this statistic is not specific to Microsoft. LLVM 3.1 and GCC 4.8 introduced the -fsanitize=address option and the ASan runtime library, so that user-space applications could be built with AddressSanitizer.

Read More
Author: Dan Robertson. Tags: Linux, Kernel.