First page Back Continue Last page Overview Text

Notes:


SELinux project motivated by NSA's recognition of the critical role of operating system security in supporting higher level security requirements.
Increasing connectivity and data sharing make the risk even higher today.
Malicious code and even "malicious data" attacks are a threat even with benign users.
Applications depend on the OS to protect them against subversion and bypass.
Encryption doesn't protect the data while it is being processed.
Network firewalls, guards, etc. operate too far from from the real processing, cannot protect data at the desired granularity, are susceptible to malicious insiders, malicious software executed by benign insiders, and malicious data attacks, and cannot provide end-to-end security for inbound or outbound transactions.
Hardware virtualization operates at too low of a level to allow controlled sharing at desired granularity.
Secure applications require a secure OS, and secure transactions require not only secure communications but also secure endpoints.