Using Containers for
Trusted Path

Daniel J Walsh

Consulting Engineer

Twitter: @rhatdan - Blog: danwalsh.livejournal.com

Email: dwalsh@redhat.com


Simon Sekidde

Solutions Architect

Twitter: @ssekidde - Email: ssekidde@redhat.com

Using Containers for
Trusted Path
Secure Pipes


Trusted Path

Stephen Smalley, NSA inventor of SELinux,
hit me with a clue bat.

"Trusted Path" historically has meant a mechanism for ensuring that the
user is interacting with trusted software and vice versa, protecting
against interposition by trojans. That's how it has been defined in
the TCSEC and elsewhere.

Think Control-Alt-Delete

Secure Pipe

Cross Domain Solutions

Guard

http://selinuxproject.org/page/PipelineDemo
http://selinuxsymposium.org/2007/papers/10-GIAF.pdf
https://securityblog.org/2008/05/18/security-anti-pattern-mls-for-guards/
http://ieeexplore.ieee.org/document/646187/

Dirty Word Filters

Secure Pipe Definition

Data comes in from one source

Goes through some filtering software

Exits the system clean

The problem is making sure it always goes through this path

Traditionally this has been difficult to set up

I.e., expensive
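
An added example, not from the original slides: a minimal dirty word filter written as the middle stage of such a pipe, failing closed on anything it cannot inspect. The word list, sample records and function names are constructed for illustration; forcing all data through this stage is the job of the container confinement and is not shown here.

```python
import io
import re
import unicodedata

# Constructed word list; a real guard would load its policy from protected config.
DIRTY_WORDS = ("secret", "noforn")


def normalize(text):
    # Fold case and compatibility forms so fullwidth or upper-case spellings match.
    return unicodedata.normalize("NFKC", text).casefold()


def build_matcher(words):
    # Whole-word match on normalized text ("secretary" is not "secret").
    alternatives = "|".join(re.escape(normalize(w)) for w in words)
    return re.compile(r"(?<!\w)(?:" + alternatives + r")(?!\w)")


def guard(source, sink, matcher):
    """Copy records from source to sink, releasing only clean ones (fails closed)."""
    stats = {"released": 0, "blocked": 0}
    for raw in source:
        try:
            line = raw.decode("utf-8")
        except UnicodeDecodeError:
            stats["blocked"] += 1  # cannot inspect it, so do not release it
            continue
        if matcher.search(normalize(line)):
            stats["blocked"] += 1
            continue
        sink.write(raw)
        stats["released"] += 1
    return stats


def demo():
    # Constructed sample records; the escapes spell "secret" in fullwidth letters.
    source = io.BytesIO(
        b"weather report: clear\n"
        b"project SECRET budget\n"
        + "fullwidth \uff53\uff45\uff43\uff52\uff45\uff54 here\n".encode("utf-8")
        + b"bad bytes \xff\xfe\n"
        + b"secretary of state visit\n"
    )
    sink = io.BytesIO()
    stats = guard(source, sink, build_matcher(DIRTY_WORDS))
    return stats, sink.getvalue()
```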

Container technology makes it simple

Fairly Simple....


DEMO