view tools/security/policytools.txt @ 0:7d21f7218375

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
line source
1 ##
2 # policytools.txt
3 # <description to the sHype/Xen policy management tools>
4 #
5 # Author:
6 # Reiner Sailer 08/31/2006 <>
7 #
8 #
9 ##
11 This file describes the Xen-tools to create and maintain security
12 policies for the sHype/Xen access control module.
14 A security policy (e.g. "example.chwall_ste.test") is defined in
15 XML. Read in the user manual about the naming of policies. The policy
16 name is used by the Xen management tools to identify existing
17 policies. Creating the security policy means creating a policy
18 description in XML:
19 /etc/xen/acm-security/policies/example/chwall_ste/test-security_policy.xml.
21 The policy XML description must follow the XML schema definition in
22 /etc/xen/acm-security/policies/security_policy.xsd. The policy tools
23 are written against this schema; they will create and refine policies
24 that conform to this scheme.
26 Two tools are provided to help creating security policies:
29 1. xensec_ezpolicy: The starting point for writing security policies.
30 ===================
32 This wxPython-based GUI tool is meant to create very quickly a
33 starting point for a workload protection security policy. Please start
34 the tool (xensec_ezpolicy) and press <CTRL-h> for usage explanations.
35 The Xen User guide explains its usage at an example in chapter
36 "sHype/Xen Access Control".
38 The output of the tool is a security policy that is fully operable. It
39 is sufficient to create policies that demonstrate how sHype/ACM works.
41 However, it defines only a basic set of security labels assuming that
42 Domain0 hosts and virtualizes all hardware (storage etc.). Use
43 xensec_gen to refine this policy and tailor it to your requirements.
46 2. xensec_gen: The tool to refine a basic security policy:
47 ==============
49 The xensec_gen utility starts a web-server that can be used to
50 generate the XML policy files needed to create or maintain a
51 policy. It can be pre-loaded with a policy file created by
52 xensec_ezpolicy.
54 By default, xensec_gen runs as a daemon and listens on port 7777 for
55 HTTP requests. The xensec_gen command supports command line options
56 to change the listen port, run in the foreground, and a few others.
57 Type 'xensec_gen -h' to see the full list of options available.
59 Once the xensec_gen utility is running, point a browser at the host
60 and port on which the utility is running (e.g. http://localhost:7777).
61 You will be presented with a web page that allows you to create or
62 modify the XML policy file:
64 - The Security Policy types section allows you to create or modify
65 the policy types and conflict set definitions
67 - The Security Policy Labeling section allows you to create or
68 modify label definitions
70 The policy generation tool allows you to modify an existing policy
71 definition or create a new policy definition file. To modify an
72 existing policy definition, enter the full path to the existing file
73 (the "Browse" button can be used to aid in this) in the Policy File
74 entry field. To create a new policy definition file leave the Policy
75 File entry field blank. At this point click the "Create" button to
76 begin modifying or creating your policy definition.
78 Security Policy Types Section
79 -----------------------------
81 You will then be presented with a web page. The upper part of it will
82 allow you to create either Simple Type Enforcement types or Chinese
83 Wall types or both, as well as Chinese Wall conflict sets.
85 As an example, to add a Simple Type Enforcement type:
87 - Enter the name of a new type under the Simple Type Enforcement Types
88 section in the entry field above the "New" button.
90 - Click the "New" button and the type will be added to the list of
91 defined Simple Type Enforcement types.
93 To remove a Simple Type Enforcement type:
95 - Click on the type to be removed in the list of defined Simple Type
96 Enforcement types.
98 - Click the "Delete" button to remove the type.
100 Follow the same process to add Chinese Wall types. The Chinese Wall
101 Conflict Set allows you to add Chinese Wall types from the list of
102 defined Chinese Wall types.
105 Security Policy Labels:
106 -------------------------
108 The security policy label section of the web page allows you to create
109 labels for classes of virtual machines and resources. The input
110 policy type definitions on the upper part of the web page will provide
111 the available types (Simple Type Enforcement and/or Chinese Wall) that
112 can be assigned to a virtual machine class. Resource classes only
113 include simple type enforcement types; the Chinese Wall policy does
114 apply only to virtual machines.
116 As an example, to add a Virtual Machine class (the name entered will
117 become the label that will be used to identify the class):
119 - Enter the name of a new class under the Virtual Machine Classes
120 section in the entry field above the "New" button.
122 - Click the "New" button and the class will be added to the table of
123 defined Virtual Machine classes.
125 To remove a Virtual Machine class:
127 - Click the "Delete" link associated with the class in the table of
128 Virtual Machine classes.
130 Once you have defined one or more Virtual Machine classes, you will
131 be able to add any of the defined Simple Type Enforcement types or
132 Chinese Wall types to a particular Virtual Machine.
134 If you create a new policy, you must also define which Virtual Machine
135 class is to be associated with the bootstrap domain (or Dom0 domain).
136 By default, the first Virtual Machine class created will be associated
137 as the bootstrap domain.
139 To save your policy definition file, click on the "Generate XML"
140 button on the top of the page. This will present you with a dialog
141 box to save the generated XML file on your system. The default name
142 will be security_policy.xml which you should change to follow the
143 policy file naming conventions based on the policy name that you
144 choose to use.
146 To get a feel for the tool, you could use one of the example policy
147 definitions files from /etc/xen/acm-security/policies/example as
148 input or a policy created by the xensec_ezpolicy tool.