Meeting Critical Security Objectives with Security-Enhanced Linux
نویسندگان
چکیده
Security-enhanced Linux incorporates a strong, flex ible mandatory access control architecture into Linux. It provides a mechanism to enforce the sep aration of information based on confidentiality and integrity requirements. This allows threats of tam pering and bypassing of application security mech anisms to be addressed and enables the confine ment of damage that can be caused by malicious or flawed applications. Using the system’s type enforcement and role-based access control abstrac tions, it is possible to configure the system to meet a wide range of security needs. This paper describes how Security-enhanced Linux was used to meet a number of general-purpose system security objec tives.
منابع مشابه
Connecting SCADA Systems to Corporate IT Networks Using Security-Enhanced Linux
Substation networks have traditionally been isolated from corporate Information Technology (IT) networks. Hence, the security of substation networks has depended heavily upon limited access points and the use of point-to-point Supervisory Control and Data Acquisition (SCADA) specific protocols. With the introduction of Ethernet into substations, pressure to reduce expenses and provide Internet ...
متن کاملVerifying information flow goals in Security-Enhanced Linux
In this paper, we present a systematic way to determine the information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux. A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an SELinux configuration, provides our framework. Information flow securit...
متن کاملOpen Source Security Analysis - Evaluating Security of Open Source vs. Closed Source Operating Systems
Open source software is becoming a major trend in the software industry. Operating systems (OS), Internet servers and several other software applications are available under this licensing conditions. This article assesses the security of open source technology, namely the Linux OS. Since a growing number of critical enterprise information systems are starting to use Linux OS, this evaluation c...
متن کاملPolicy Analysis for Security-Enhanced Linux
Security-Enhanced Linux (SELinux) extends Linux with a flexible mandatory access control mechanism that enforces security policies expressed in SELinux’s policy language. Determining whether a given policy meets a site’s high-level security goals can be difficult, due to the low-level nature of the policy language and the size and complexity of SELinux policies. We propose a logic-programming-b...
متن کاملNRL Memorandum Report NRL/MR/5540|02-8629 Towards a Methodology and Tool for the Analysis of Security-Enhanced Linux Security Policies
Security-Enhanced (SE) Linux is a version of Linux with additional security features. The initial version of SE Linux was released by NSA in January, 2001. The additional security features are incorporated into Linux by superimposing the Flask architecture on its kernel. This architecture includes a security server that makes decisions as to whether particular subjects (i.e., processes) may be ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004