Questions about using apparmor
I am investigating a Mandatory Access Control (MAC) scheme based on embedded Linux.
I have some questions about Apparmor while learning through the following resources.
https://gitlab.com/apparmor/apparmor
https://medium.com/information-and-technology/so-what-is-apparmor-64d7ae211ed
I finished adding Kernel configure and apparmor tools (ex. Apparmor_parser) through the link above and tried some tests.
As I learned through the above tutorial, I create a profile for a specific application and then use the apparmor_parser utility to enable this profile, then the application's behavior will only be accessible to the content specified in the profile.
Here are some additional features I would like to see in apparmor:
If there is a critical resource in my device, I want to make access to this resource only accessible to a specific application.
The important resources are certificates of devices or private keys.I want to make access to a library such as openssl in my device accessible only to a specific application.
As I wrote above, it seems that it is possible to control access by creating and activating a profile for a specific application when the application is infringed.
However, when the malware application is installed on the device, it seems that it is possible to access important information (device certificate or private key) or the encryption library in the device.
If you have any questions, please answer them.
linux macintosh apparmor
asked 1 hour ago
user331348user331348
1
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I am investigating a Mandatory Access Control (MAC) scheme based on embedded Linux.
I have some questions about Apparmor while learning through the following resources.
https://gitlab.com/apparmor/apparmor
https://medium.com/information-and-technology/so-what-is-apparmor-64d7ae211ed
I finished adding Kernel configure and apparmor tools (ex. Apparmor_parser) through the link above and tried some tests.
As I learned through the above tutorial, I create a profile for a specific application and then use the apparmor_parser utility to enable this profile, then the application's behavior will only be accessible to the content specified in the profile.
Here are some additional features I would like to see in apparmor:
If there is a critical resource in my device, I want to make access to this resource only accessible to a specific application.
The important resources are certificates of devices or private keys.I want to make access to a library such as openssl in my device accessible only to a specific application.
As I wrote above, it seems that it is possible to control access by creating and activating a profile for a specific application when the application is infringed.
However, when the malware application is installed on the device, it seems that it is possible to access important information (device certificate or private key) or the encryption library in the device.
If you have any questions, please answer them.
linux macintosh apparmor
asked 1 hour ago
user331348user331348
1
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I am investigating a Mandatory Access Control (MAC) scheme based on embedded Linux.
I have some questions about Apparmor while learning through the following resources.
https://gitlab.com/apparmor/apparmor
https://medium.com/information-and-technology/so-what-is-apparmor-64d7ae211ed
I finished adding Kernel configure and apparmor tools (ex. Apparmor_parser) through the link above and tried some tests.
As I learned through the above tutorial, I create a profile for a specific application and then use the apparmor_parser utility to enable this profile, then the application's behavior will only be accessible to the content specified in the profile.
Here are some additional features I would like to see in apparmor:
If there is a critical resource in my device, I want to make access to this resource only accessible to a specific application.
The important resources are certificates of devices or private keys.I want to make access to a library such as openssl in my device accessible only to a specific application.
As I wrote above, it seems that it is possible to control access by creating and activating a profile for a specific application when the application is infringed.
However, when the malware application is installed on the device, it seems that it is possible to access important information (device certificate or private key) or the encryption library in the device.
If you have any questions, please answer them.
linux macintosh apparmor
asked 1 hour ago
user331348user331348
1
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I am investigating a Mandatory Access Control (MAC) scheme based on embedded Linux.
I have some questions about Apparmor while learning through the following resources.
https://gitlab.com/apparmor/apparmor
https://medium.com/information-and-technology/so-what-is-apparmor-64d7ae211ed
I finished adding Kernel configure and apparmor tools (ex. Apparmor_parser) through the link above and tried some tests.
As I learned through the above tutorial, I create a profile for a specific application and then use the apparmor_parser utility to enable this profile, then the application's behavior will only be accessible to the content specified in the profile.
Here are some additional features I would like to see in apparmor:
If there is a critical resource in my device, I want to make access to this resource only accessible to a specific application.
The important resources are certificates of devices or private keys.I want to make access to a library such as openssl in my device accessible only to a specific application.
As I wrote above, it seems that it is possible to control access by creating and activating a profile for a specific application when the application is infringed.
However, when the malware application is installed on the device, it seems that it is possible to access important information (device certificate or private key) or the encryption library in the device.
If you have any questions, please answer them.
linux macintosh apparmor
linux macintosh apparmor
asked 1 hour ago
user331348user331348
1
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
user331348user331348
1
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
user331348user331348
1
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
user331348user331348
1
asked 1 hour ago
user331348user331348
1
1
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
user331348 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
user331348 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f494340%2fquestions-about-using-apparmor%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
user331348 is a new contributor. Be nice, and check out our Code of Conduct.
user331348 is a new contributor. Be nice, and check out our Code of Conduct.
user331348 is a new contributor. Be nice, and check out our Code of Conduct.
user331348 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f494340%2fquestions-about-using-apparmor%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
