Re: Mandatory Access Control

[Elmar Stellnberger <estellnb@gmail.com>]

Dear Henriette,

Yes, I am using qemu-kvm based virtualization. According to my 
experience that was sufficient to protect the host from the guest. The 
most vulnerable part will be the graphics output as I have already said. 
Nonetheless I did also receive the many messages about vulnerabilities 
in the Wifi stack. Gonna have to tell that I do only have practical 
experience with qemu-kvm/ethernet. You can use a mobile wifi router 
through which you plug in your ethernet port (or wait for and trust in 
the fixes). Separating the Wifi driver in its own Xen-domain would of 
course be another solution as long as all graphcis output still becomes 
filtered by emulating a virtual graphics card/device.

Best Elmar


On 29.11.2015 22:31, Henriette wrote:
> Hey Elmar,
>
> I was looking into using virtualization for security purposes too. However I
> refrained from using a full grown vbox installation so far.
>
> I saw that qemu provides a user-mode virtualization. I could imagine that this
> brings already some security if you are able to specify access only to certain
> directories etc. However I couldn't find any info with some quick google
> searches on how to use qemu to improve systems security by virt. Are you using
> this mode to get some security or is there no way around a full virtualization
> to improve security?
>
> Best Henriette
>
> Am Sun, 29 Nov 2015 21:26:41 +0100
> schrieb Elmar Stellnberger <estellnb@gmail.com>:
>
> > SELinux is more elaborate and more complicated than Apparmor; tomoyo
> > relatively new. I would personally regard none of those MAC systems as
> > ultimate remedy to hard security problems. In 2011 I had a
> > RedHat/SELinux system in its default configuration and it was
> > compromised within minutes by simply viewing the page of my bank with a
> > web browser (read the whole at:
> > http://www.elstel.org/Censorship.html.en). Note that a single faulty
> > system call in the Linux kernel may be used to obtain root rights
> > leaving all additional security gains that MAC systems should deliver
> > behind. Please note also that a system can not be secured without
> > securing your X-server (formerly one could even paste text into any
> > other window like a root console without being in need of root rights).
> > Finally the security profiles of MAC systems are very complicated so
> > that they would hardly deliver the security as possible in theory. If
> > you wanna ask me for my security solution it is qemu based and puts the
> > most vulnerable system components like browsers and email programs into
> > a virtual machine namely qemu which is maintained by the Open Source
> > commnunity.
> >
> > Regards,
> > Elmar
> >
> > On 29.11.2015 18:29, c4p0 wrote:
> > > I read the fucking manuals but don't have clear what is the better
> > > option of "Mandatory Access Control" for debian jessie.
> > > (AppArmor, SElinux, tomoyo, etc ..)
> > >
> > > someone can give me your opinion about it?
> > > thanks in advance