The National Security Agency's Information Assurance Research Office is integrating a flexible mandatory access control architecture called Flask into the Linux operating system. The Secure Execution Environments (SEE) group at NAI Labs is developing a Role-Based Access Control (RBAC) and Type Enforcement (TE) security policy configuration for this security-enhanced Linux system using the security policy configuration language described in [1, Sec 3.4]. This configuration draws from a preliminary configuration developed by Secure Computing Corporation and from the prior Domain and Type Enforcement (DTE) configuration developed by the SEE group. The configuration also includes contributions by researchers from MITRE and from the NSA. The configuration is still under development, and there are many areas where it still requires significant work.
This paper describes the current state of this security policy configuration. The paper begins with an overview of the security policy configuration. It then discusses the details of the configuration for Type Enforcement, Role-Based Access Control, users, constraints, and security contexts. A separate configuration used to initially set file security contexts is then described. Finally, the paper describes configuration extensions to support the installation of the system.