Abstract:
Mandatory integrity control (MIC) is the security foundation of the Astra Linux operating system (OS), which is certified for the highest protection classes and trust levels. Together with other mechanisms, including a closed software environment, MIC protects privileged OS processes, the integrity of executable and configuration system files and OS directories, and user data. MIC is intended to protect against viruses (for example, ransomware) and against the exploitation of many typical vulnerabilities in software of the Linux family of OS, including vulnerabilities that lead to attacks by adversaries holding superuser (root) rights. The scientific basis for the implementation of MIC in Astra Linux is the mandatory entity-role model of access and information flow security control for Linux family OS (the MROSL DP-model), which meets the criteria of GOST R 59453.1-2021. At the same time, implementing MIC on top of the standard discretionary access control of a Linux family OS presents significant difficulties and often requires developing technologies and scenarios for the coordinated use of system and application software. For this reason, the authors conduct research on the design, development and effective use of MIC, and this article presents a number of its results. First, modifications of the MROSL DP-model for the theoretical description of MIC, including the new capabilities introduced for it. Second, the adaptation of container virtualization technology to MIC, in which potentially "dangerous" software (for example, browsers) is launched at isolated intermediate integrity levels (in sessions of the system administrator, who has the maximum integrity level) or at negative integrity levels (in sessions of an unprivileged user, who has the zero integrity level) inside sandbox containers (for example, Docker). Third, technologies and scenarios for directly launching application software at intermediate or negative integrity levels, with corresponding configuration of the desktop menu of the system administrator or of the unprivileged user, respectively. Fourth, the MIC configuration utility, which sets integrity levels or special flags on files and directories based on the rules of AppArmor LSM module profiles.
Keywords: operating system, mandatory integrity control, MROSL DP-model, containers, Astra Linux