[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nsa code ?

To: securedistros@nl.linux.org, immunix-users@immunix.org
Subject: Re: nsa code ?
From: Greg KH <greg@wirex.com>
Date: Sun, 18 Mar 2001 13:38:43 -0800
In-Reply-To: <3AB3F65D.547DB037@wirex.com>; from crispin@wirex.com on Sat, Mar 17, 2001 at 03:42:22PM -0800
References: <A77BEC1A2E6ED4118DD7006008C18DB873890A@stpntmx03.sctc.com> <3AB295EB.9000209@ksu.ru> <3AB2BF40.C56E1F39@sgi.com> <3AB2CC4A.511D4BE9@wirex.com> <20010317102228.B13887@dungeon.inka.de> <3AB3F65D.547DB037@wirex.com>
Reply-To: securedistros@nl.linux.org
Sender: owner-securedistros@nl.linux.org
User-Agent: Mutt/1.2.5i

On Sat, Mar 17, 2001 at 03:42:22PM -0800, Crispin Cowan wrote:
> Andreas Jellinghaus wrote:
> 
> > what do people here think about the nsa secure linux ?
> > is anyone integrating this into a linux distribution ?
> > why not ?
> 
> SELinux uses Type Enforcement, a form of Mandatory Access Control
> (MAC) that is more flexible than the hierarchical access control
> concepts suggested by the Orange Book.  Type Enforcement employ a 2-way
> "domains & types" approach of (roughly) mapping subjects to Domains and
> objects to Types and then specifying which Domains can access which
> Types.  This powerful abstraction allows the administrator a lot of
> expressiveness in specifying what users may do to each other's files.

If you haven't read it yet, there is a very good article explaining in
detail how SELinux's type enforcement works at:
	http://www-106.ibm.com/developerworks/security/library/s-selinux/index.html?dwzone=security


greg k-h

-- 
greg@(kroah|wirex).com
http://immunix.org/~greg
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

References:
- C2 vs Common Criteria [was: RE: Is this mail list dead?]
  - From: "Dowd, Alan" <alan_dowd@securecomputing.com>
- Re: C2 vs Common Criteria [was: RE: Is this mail list dead?]
  - From: Pedro Rosa <Pedro.Rosa@ksu.ru>
- Re: C2 vs Common Criteria [was: RE: Is this mail list dead?]
  - From: LA Walsh <law@sgi.com>
- Re: C2 vs Common Criteria [was: RE: Is this mail list dead?]
  - From: Crispin Cowan <crispin@wirex.com>
- nsa code ?
  - From: aj@dungeon.inka.de (Andreas Jellinghaus)
- Re: nsa code ?
  - From: Crispin Cowan <crispin@wirex.com>
- Re: nsa code ?
  - From: Crispin Cowan <crispin@wirex.com>

Prev by Date: Re: nsa code ?
Next by Date: Re: Is this mail list dead?
Prev by thread: Re: nsa code ?
Next by thread: Re: nsa code ?
Index(es):
- Date
- Thread