ITworld.com: Could Linux be too open for our own good?; NSA's super-secure LinuxFeb 26, 2001, 20:02 (4 Talkback[s])
(Other stories by Larry Loeb)
"SELinux uses mandatory access controls to enforce the separation of information based on confidentiality and integrity requirements to provide system security. SEL uses a flexible mandatory access control architecture based on Type Enforcement, a mechanism first developed for the LOCK system. The architecture was transferred to the University of Utah's Fluke research operating system. At this point, the architecture was changed to provide better support for dynamic security policies, and the architecture was renamed Flask. This is what is used in SEL."
"In the Flask architecture, the security policy logic is encapsulated within a separate component of the operating system with a general interface for obtaining security policy decisions. This separate component is referred to as the security server, which is a kernel subsystem in SEL. Other subsystems are called object managers. Flask specifies the interfaces provided by the security servers to object managers. This way, the object managers can remain independent of the specific security policy that is used. SEL's security server has a security policy that combines Type Enforcement, role-based access controls (RBAC) and multi-level security. One can specify which combination of the above methods is desired with a policy language configuration file. This is compiled into a binary representation that is read by the security server at boot time."
"This is an entirely different way to handle access permissions, compared to the user/privilege model most UNIX systems currently use. SEL could implement that model along with a granularity that could modify user privileges based on the specifics of what is being executed and what files are being used. Pretty powerful stuff."