On Mon, 2003-08-25 at 13:02, Bennett Todd wrote:
> I'd be interested in that too. And if anybody wanted to include
> RSBAC in the overview that'd be neat.

There was a lengthy thread comparing SELinux and RSBAC a long time ago on this mailing list, and author of RSBAC was involved in that discussion. The thread begins at
http://marc.theaimsgroup.com/?l=selinux&m=98618795624462&w=2. We also provided a brief summary of differences (from our perspective) in the related work section of our paper published at Freenix '01, available from http://www.nsa.gov/selinux/docs.html.

We haven't done a detailed comparison with grsecurity. At the time SELinux was developed and released, I don't think that grsecurity included any notion of mandatory access controls, which are the focus of SELinux. I see that the grsecurity features page now claims to provide role based access control and mandatory access control, but it isn't clear what their access control model is.

See http://www.nsa.gov/selinux/faq.html#I18 for a general statement of some of the distinctives of SELinux.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.