|
The Next Wave (TNW)
About
Subscribe to TNW
Archive
Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux DocumentationApplication of the Flask Architecture to the X Window System ServerEamon Walsh (National Security Agency) AbstractThis paper will outline the progress that has been made on extending the coverage of Security-Enhanced Linux access controls to the X Window System server, a major component of the Linux desktop. This has been accomplished by applying the Flask architecture to the X server and extending the reach of SELinux policy to cover X server objects. Modifications have been made to both SELinux library and the X.Org X server implementation in support of this goal. In the SELinux library, improved capabilities for obtaining policy decisions from the kernel were added. In the X server, a set of general security hooks was added, followed by a Flask module which makes use of them. This module extends the enforcement of kernel-based security policy to the X server in userspace, providing fine-grained access and information flow control to this vital desktop component using the existing SELinux policy store and toolchain. The paper appears in the Proceedings of the 2007 SELinux Symposium and is also available here in: The 2007 SELinux Symposium presentation slides are available here in: * To view documents stored as Portable Document Format (PDF) files your local computer must have a viewer application or a Web browser plug-in that supports the PDF file format.Linux is a registered trademark of Linus Torvalds |
|
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |











