LinuxSecurity.com: Serious Security for Linux?Feb 24, 2000, 00:24 (2 Talkback[s])
(Other stories by Paul D. Robertson)
"Recently many Linux and Unix detractors have been harping on the fact that Linux's security model is based on an old and archaic way of doing business. Open-source advocates who are trying to get better security commonly point to Open BSD as their platform of choice. Linux has slowly been evolving extra security features, such as capabilities added to the 2.1.x and 2.2.x kernels. Unfortunately, not a lot of software takes advantage of these new features."
"In the US military and intelligence communities, commercial Unix vendors have traditionally sold special versions of their Operating Systems which use formal security models and conform to varying degrees to part of a set of documents called "The Rainbow Series" colloquially; particularly, the "Orange Book" which is about trusted host security, and the "Red Book" which is about trusted networking implementations."
"What I'd like to do here is discuss an Open Source project called RSBAC (Rule Set Based Access Control) which attempts to bring a significantly higher level of security to the Linux kernel and operating environment. After the introduction, we'll interview the project's founder, Amon Ott, and see what the future holds for some *serious* security in Linux."