“SELinux uses mandatory access controls to enforce the
separation of information based on confidentiality and integrity
requirements to provide system security. SEL uses a flexible
mandatory access control architecture based on Type Enforcement, a
mechanism first developed for the LOCK system. The architecture was
transferred to the University of Utah’s Fluke research operating
system. At this point, the architecture was changed to provide
better support for dynamic security policies, and the architecture
was renamed Flask. This is what is used in SEL.”
“In the Flask architecture, the security policy logic is
encapsulated within a separate component of the operating system
with a general interface for obtaining security policy decisions.
This separate component is referred to as the security server,
which is a kernel subsystem in SEL. Other subsystems are called
object managers. Flask specifies the interfaces provided by the
security servers to object managers. This way, the object managers
can remain independent of the specific security policy that is
used. SEL’s security server has a security policy that combines
Type Enforcement, role-based access controls (RBAC) and multi-level
security. One can specify which combination of the above methods is
desired with a policy language configuration file. This is compiled
into a binary representation that is read by the security server at
boot time.”
“This is an entirely different way to handle access
permissions, compared to the user/privilege model most UNIX systems
currently use. SEL could implement that model along with a
granularity that could modify user privileges based on the
specifics of what is being executed and what files are being used.
Pretty powerful stuff.”