Extending Linux for Multi-Level Security
نویسندگان
چکیده
LinuxTM distributions have received numerous Common Criteria certifications in the last few years. Building on the recent Controlled Access Protection Profile (CAPP) certifications, an Open Source development effort to make Linux compliant with the Labeled Security Protection Profile (LSPP) and Role-Based Access Control Protection Profile (RBACPP) has been ongoing for almost two years. Development included adding and augmenting features of SELinux and other Linux components. This paper explores the evolution of, and rationale behind, the features developed to meet LSPP and RBACPP, and it discusses the current state of development and lessons learned.
منابع مشابه
Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler
In this paper, we consider a scheduling algorithm being applied with multi-level security that allows two or more hierarchical classification levels of information to be processed simultaneously. There are various load scheduling algorithms pre-built into the Linux Virtual Server system that have been tested and proven effective for distributing the load among the real servers. While these algo...
متن کاملSCRUB-PA: A Multi-Level Multi-Dimensional Anonymization Tool for Process Accounting
In the UNIX/Linux environment the kernel can log every command process created by every user using process accounting. This data has many potential uses, including the investigation of security incidents. However, process accounting data is also sensitive since it contains private user information. Consequently, security system administrators have been hindered from sharing these logs. Given th...
متن کاملMHIDCA: Multi Level Hybrid Intrusion Detection and Continuous Authentication for MANET Security
Mobile ad-hoc networks have attracted a great deal of attentions over the past few years. Considering their applications, the security issue has a great significance in them. Security scheme utilization that includes prevention and detection has the worth of consideration. In this paper, a method is presented that includes a multi-level security scheme to identify intrusion by sensors and authe...
متن کاملNRL Memorandum Report NRL/MR/5540|02-8629 Towards a Methodology and Tool for the Analysis of Security-Enhanced Linux Security Policies
Security-Enhanced (SE) Linux is a version of Linux with additional security features. The initial version of SE Linux was released by NSA in January, 2001. The additional security features are incorporated into Linux by superimposing the Flask architecture on its kernel. This architecture includes a security server that makes decisions as to whether particular subjects (i.e., processes) may be ...
متن کاملTowards a Methodology and Tool for the Analysisof Security - Enhanced Linux Security Policies
Security-Enhanced (SE) Linux is a version of Linux with additional security features. The initial version of SE Linux was released by NSA in January, 2001. The additional security features are incorporated into Linux by superimposing the Flask architecture on its kernel. This architecture includes a security server that makes decisions as to whether particular subjects (i.e., processes) may be ...
متن کامل