Trustifier KSE™ (Kernel Security Enforcer) is a modular, injectable, kernel-level security reference monitor. KSE can be used to provide the deep levels of control needed in modern systems and networks, but without the usability issues that infest traditional positive-security models.
Trustifier KSE gives the security owner a new mechanism with which to define access and operational authorization within a system and across the network. As the name suggests, Trustifier KSE enforcement occurs at the kernel level within the operating environment. All existing and future applications, software systems, data and libraries are subject to the overarching security rules within Trustifier KSE.
In businesses, information security is still regarded as a necessary evil. This is further frustrated by a lack of comprehensive solutions. Most of the existing solutions focus only on perimeter security and do not address the biggest threat of them all: insider attacks. The handful that do are extremely difficult to use and do not scale well. KSE is designed specifically to address practical problems in modern cybersecurity, such as providing insider-attack protection, including protection against evil system administrators.
A practical and simple example
Consider a system with a user, Bob, whose work is deemed sensitive. We want to ensure that no one, including the system administrator can access Bob’s files and data, and that Bob cannot maliciously share his sensitive information with anyone else.
Discretionary Access Control
DAC systems (such as Windows and Linux) cannot address this problem. If Bob wants to share this content, or if the system administrator wants to access it, it’s game over.
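The DAC limitation described above, as an added example (not from the original page, and not KSE code): on a POSIX system the owner of a file can widen its permissions with no privilege at all, so the security owner can only audit for the change after the fact. The directory, the file names and the `audit_shared` helper are constructed for illustration.

```python
import os
import stat
import tempfile

# Mode bits that grant any access to group or other.
SHARED_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_shared(root):
    """Return sorted relative paths under root that group/other can access."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & SHARED_BITS:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def demo():
    """Build a constructed home directory and show the owner re-sharing a file."""
    with tempfile.TemporaryDirectory() as home:
        # Constructed sample data standing in for Bob's sensitive files.
        for name in ("design.txt", "payroll.csv"):
            path = os.path.join(home, name)
            with open(path, "w") as fh:
                fh.write("sensitive\n")
            os.chmod(path, 0o600)  # locked down: owner only
        before = audit_shared(home)

        # DAC leaves this decision to the owner: no privilege is needed
        # to widen the mode on a file you own.
        os.chmod(os.path.join(home, "payroll.csv"), 0o644)
        after = audit_shared(home)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("exposed before:", before)
    print("exposed after: ", after)
```

On Linux, root bypasses these mode bits entirely, so a clean audit says nothing about administrator access.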
Traditional Mandatory Access Control (MAC) security systems
Traditional MAC systems (e.g. SELinux, STOP/OS etc.) do address this problem, but are extremely difficult to manage. The primary reason for this is the complexity in specifying the rules.
For instance, SELinux requires 90,000+ rules by default on a per-workstation or per-server environment just to get going. Yet, if you need to stop an ongoing attack immediately by revoking the offending user’s access privileges, SELinux provides no practical way of achieving it without requiring you to shut down the entire system, get the permissions right and then restart.
This problem is not limited to SELinux. Pick any modern IPS, IDS, Role-Based Access Control system, or Mandatory Access Control system of your choice. They all suffer from either lack of capability or complexity of implementation, or both.
KSE Mandatory Access Control
Now consider how KSE is able to perform the same task:
trustifier kse rank user:bob user:bob=1s
Using the command above, the security owner can immediately make everything that Bob owns on the system subject to Mandatory Access Control rules and stop everyone, including root, from accessing Bob’s content while the system is running.
This, and all other KSE rules, are enforced in real time, which means that if someone is in the middle of looking at Bob’s content, the moment that command is entered, access to that content is removed and any programs that are “looking” at Bob’s files or directories are immediately and automatically denied access.
This is an example of the use of a KSE Security Primitive. In this case it’s the User to User Ranking Primitive—one of the several KSE mandatory access control enforcers.
Security Primitives are mathematical objects inside Trustifier KSE which ensure that business security rules can be algebraically mapped to system security rules.
The representation of a business rule as an algebraic mapping is the key to KSE’s security guarantees. Since the business rule is transformed into a reversible map AS-IS, its meaning is not lost in translation and is enforced as intended. This property is a unique feature in KSE and is necessary to build verifiable and consistent security rules.