Return to Abstract and Formats

Table of contents

Meeting Critical Security Objectives with Security-Enhanced Linux

Presentation Outline

The Need for Secure OS

Why is DAC inadequate?

What can MAC offer?

MAC Implementation Issues

Customize according to need

Security Solutions with Flexible MAC

Toward a New Form of MAC

The Flask Security Architecture

The Flask Security Architecture (2)

Policy Decisions

Policy Changes

Controlled Services

Security Server Interface

Security Server Interface (2)

Security Server Interface (3)

Permission Checking Examples

Permission Checking Examples (2)

API Enhancements

Example Security Server

Example Policy Configuration: TE Concepts

Type Enforcement: Domains

Type Enforcement: Types

Sample TE Rules

Example Policy Configuration: RBAC concepts

Role-Based Access Control: Roles

Example Policy Configuration: Security Objectives

Limiting raw access to data

Limiting raw access to data (2)

Kernel integrity protection

Kernel integrity protection (2)

System file integrity protection

System file integrity protection

Confining privileged processes

Confining privileged processes (2)

Separating Processes

Administrator domain protection

Malicious software protection

Performance

Ongoing and future work

Linux Security Module Project

Questions?

Author: Peter A. Loscocco

E-mail: loscocco@tycho.nsa.gov