Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Kernel korner: filesystem labeling in SELinux
Linux Journal
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Hi-index | 0.00 |
The concept of Mandatory Access Controls (MAC) enforces a security policy on users. Linux Security Modules (LSM) provides for development of such frameworks. Lothlorien is an exploratory framework using LSM and the POSIX 1.e draft specifications'1 Extended Attributes (EA) to implement MAC on Linux. Lothlorien makes use of system call hooks provided by LSM to place checks on the access to system resources. The entire system is divided logically into different zones where the resources and users of the systems are distributed depending on their security context similar to a real organisation. Along with the already available Discretionary Access Control (DAC) on Linux, Lothlorien intends to achieve TCSEC Bllevel of security. A policy will define the rules of access. Separating all the entities of the system allows fine-grained access control.