Novell will sell support service subscriptions to companies and users of AppArmour. Frank Rego, product manager for platform security at Novell, said AppArmour was the primary motivation behind Novell's purchase of Immunix last May. The software is also included with Novell's openSUSE 10.0 Linux distribution.
AppArmour is a Linux security framework designed to protect applications from being exploited by an attacker. It does this by profiling applications on a system, looking at which users need them, and applying the principle of least privilege to applications, according to the project's detail page. AppArmour scans a single machine, or an entire network, for individual open ports, generating security reports on individual pieces of the system, explained Crispin Cowan, director of software engineering at Novell and the former chief technology officer for Immunix.
According to Cowan, Novell is releasing AppArmour under the GPL to put the software in the hands of more users and developers, a problem he said Immunix had when the software was proprietary.
"In the Linux community, [users] really don't consider proprietary solutions, regardless of the effectiveness of the software," Cowan said. "So getting the community interested in it will be easier with it as open source software."
Rego said Novell's hope is that by making AppArmour a "feature of the Linux platform," that Linux users will look for it.
AppArmour is similar in function to SELinux, which was created by the US National Security Agency, and which Immunix had a hand in developing. However, while SELinux is integrated into the Linux kernel, AppArmour is not.
"This type of application security is becoming more important as customers realize that security flaws are the source of their headaches," Rego said. "The more secure we can make the Linux platform, the more comfortable [people] will be in adopting the Linux platform."
According to Cowan, the major difference between AppArmour and SELinux is ease of use. While SELinux requires more steps that are specific to each application, AppArmour is wizard-based and quicker to set up, he said.
In calling AppArmour easier to use, Cowan said that system protection with SELinux takes more time because there is more to set in it depending on the user's system and network.
Frank Mayor, chief technology officer at Tresys Technology, a major contributor to the SELinux kernel, said that while there are numerous details that can be changed by users in SELinux, they don't necessarily have to be. He also said that while SELinux offers more options, ease of use is not the priority in this type of software.
"Easier is not more secure," counters Mayor. "It scales from the simple to the complex. There's nothing that SELinux doesn't express ... in terms of Linux resources."
In addition to pointing that out that the long-time integration of SELinux with the Linux kernel also makes the software better fit for system protection, Mayor said the SELinux method of protecting individual processes is better than AppArmour's monitoring of path names, which could be bypassed by malicious software.
AppArmour also only allows interprocess communication where the administrator has allowed it in each application's profile, where Mayor said permitting interprocess communication is another strength of SELinux.
The need for application protection
It is clear that security enhancements like AppArmour and SELinux are badly needed. According to Alan Paller, director of research at the SANS Institute, the fastest growing area of cross-platform attack are applications such as backup software, antivirus software, and media players and instant messaging software, among others. Paller oversees the Institute's annual Top 20 Internet Security Vulnerabilities list, which breaks potential at-risk applications into 20 categories and includes specific lists of the software and their potential vulnerabilities.
Paller said users can expect software vendors to enable automatic patching of flaws over the next few years, but that attacks specifically aimed at applications will continue to escalate as auto-patching becomes standard across all software platforms.
As an example of weakness in one application area, he said that last summer, as crackers discovered weaknesses in backup software, the Internet Storm Center, a network of about 500,000 IP addresses that act as sensors, which SANS monitors, was pinged five million times over the course of one week by malware of some sort that was looking for vulnerabilities. Paller said that means that an attack tool "knocked on the door," although there is no way to know how many machines were actually affected by the virus. The ISC and SANS can't determine how many computers were actually affected because users don't normally reporter when their machines have been taken over by malicious software. The IP addresses are used as sensors by the ISC as an early warning system for attacks on the Internet.
Paller said that operating systems are becoming more difficult to effectively attack because patches for OSes are being released quickly in response to attack tools, so "the bad guys" will continue to take aim at applications. Attempted attacks, he said, will continue to grow over the next few years.
Software such as SELinux and AppArmour are effective in defending against attempted attacks on applications, Paller said, because they act as fire doors, containing viruses and other malicious software inserted onto machines in such a way that "if one application has a problem, the other applications don't have a problem because things can be isolated."
Cowan said the solution to the problem of application flaws is simple: "Only run perfect software. Unfortunately," he said, "there's a shortage of that."