Re: NSA - Spook Linux


From: Stephen Smalley <sds@tislabs.com>
Subject: Re: NSA - Spook Linux
Date: Tue, 9 Jan 2001 12:34:36 -0500 (EST)

Next Article (by Date): Re: NSA - Spook Linux Stephen
Previous Article (by Date): Re: NSA - Spook Linux "John Everitt"
Top of Thread: NSA - Spook Linux "Furmanek, Greg"
Next in Thread: Re: NSA - Spook Linux Stephen
Articles sorted by: [Date] [Author] [Subject]


On Tue, 9 Jan 2001, John Everitt wrote:

> It's missing some of the Flask stuff, but otherwise TE is a good model but
> not as well established as other models and systems such
> as CMW so whether it will stand the test .  A problem recently appeared
> on Bugtraq too.  But then that's a good thing.
>
> Most stuff that comes out of TIS labs, Utah Edu and Secure Computing is
> very methodical.
>
> There is a lot of model info here:  http://www.cs.utah.edu/flux/fluke/html/flask.html

Just to be clear, the NSA's Security-Enhanced Linux
(http://www.nsa.gov/selinux) is an implementation of a flexible
mandatory access control architecture called Flask in the Linux
kernel.  The architecture is a generalization of Type Enforcement (TE),
but it can support a wide range of security policies.  It was prototyped
in the Mach and Fluke research operating systems.  Published papers and
reports about the earlier research prototypes are accessible via the
Background page (http://www.nsa.gov/selinux/background.html).  The
architecture and its implementation in Linux are described in detail in
the documents on the Documentation page
(http://www.nsa.gov/selinux/docs.html).

In comparison to traditional lattice-based models like BLP and Biba, Type
Enforcement is better suited to providing integrity protection, especially
due to its support for intransitive relationships and its controls over
program execution. Type Enforcement is often used to ensure that
applications are unbypassable and tamperproof.  It is also often
used to ensure that processes with any sort of privileges cannot
execute untrustworthy code.  Additionally, Type Enforcement offers
better support for least privilege.

Although several organizations contributed to Security-Enhanced Linux
(http://www.nsa.gov/selinux/contrib.html), most of the kernel
security development was done by the NSA, so they should receive
the majority of the credit.  As emphasized in the NSA press release and on
the NSA web pages, the system is a research prototype and it has not
undergone a thorough review.  Hence, bugs in the code are not surprising.
Nonetheless, the system provides a good example implementation of the
Flask architecture in Linux.

--
Stephen D. Smalley, NAI Labs
sds@tislabs.com



-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
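
An added example, not part of the original message or of the SELinux code: a small Python model of the point above about intransitive relationships and controls over program execution. All type names and rules are constructed, and the (domain, type, permission) triples are a simplification, not SELinux policy syntax.

```python
from itertools import product

# Constructed toy policy: (domain, type, permission). Anything not listed is denied.
ALLOW = {
    ("untrusted_t", "inbox_t", "write"),
    ("filter_t", "inbox_t", "read"),
    ("filter_t", "clean_t", "write"),
    ("trusted_t", "clean_t", "read"),
    # Program-execution controls: the only way into filter_t.
    ("untrusted_t", "filter_exec_t", "execute"),
    ("filter_t", "filter_exec_t", "entrypoint"),
    ("untrusted_t", "filter_t", "transition"),
}
DOMAINS = ["untrusted_t", "filter_t", "trusted_t"]
TYPES = {t for _, t, _ in ALLOW}

def allowed(src, tgt, perm):
    """TE decision: permitted only if an explicit rule exists."""
    return (src, tgt, perm) in ALLOW

def can_transition(old, new, exec_type):
    """A domain is entered only through its designated program: all three rules are needed."""
    return (allowed(old, exec_type, "execute")
            and allowed(new, exec_type, "entrypoint")
            and allowed(old, new, "transition"))

def te_flows():
    """Direct information flows: a writes some type that b reads."""
    return {(a, b) for a in DOMAINS for b in DOMAINS for t in TYPES
            if a != b and allowed(a, t, "write") and allowed(b, t, "read")}

def is_transitive(flows):
    """True if a->b and b->c always imply a->c."""
    return all((a, c) in flows
               for a, b in flows for b2, c in flows if b == b2 and a != c)

def biba_flows(levels):
    """Lattice integrity model: data may flow a -> b only if level(a) >= level(b)."""
    return {(a, b) for a in levels for b in levels
            if a != b and levels[a] >= levels[b]}

def lattice_can_express(flows):
    """Try every totally ordered labelling of DOMAINS; True if one gives exactly `flows`."""
    n = len(DOMAINS)
    return any(biba_flows(dict(zip(DOMAINS, lv))) == flows
               for lv in product(range(n), repeat=n))

if __name__ == "__main__":
    print("TE flows:", sorted(te_flows()))
    print("expressible with integrity levels:", lattice_can_express(te_flows()))
```

The TE rules force data from `untrusted_t` to pass through `filter_t` before `trusted_t` can read it; any level assignment that permits both hops also permits the direct flow, so no labelling reproduces the pipeline.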
