Configuring the SELinux Policy
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
seminar surveyer
Active In SP
**

Posts: 3,541
Joined: Sep 2010
#1
18-10-2010, 02:32 PM



Stephen Smalley


Introduction

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible and fine-grained mandatory access control (MAC) architecture called Flask in the Linux kernel[LoscoccoFreenix2001]. SELinux can enforce an administratively-defined security policy over all processes and objects in the system, basing decisions on labels containing a variety of security-relevant information. The architecture provides flexibility by cleanly separating the policy decision-making logic from the policy enforcement logic. The policy decision-making logic is encapsulated within a single component known as the security server with a general security interface. A wide range of security models can be implemented as security servers without requiring any changes to any other component of the system. To demonstrate the architecture, SELinux provides an example security server that implements a combination of Type Enforcement (TE)[BoebertNCSC1985], Role-Based Access Control (RBAC)[FerraioloNCSC1992], and optionally Multi-Level Security (MLS). These security models provide significant flexibility through a set of policy configuration files. An example security policy configuration was developed to demonstrate how SELinux can be used to meet certain security goals and to provide a starting point for users [SmalleyNAITR2001][LoscoccoOLS2001]. This technical report describes how to configure the SELinux security policy for the example security server. Section 2 explains concepts defined by the Flask architecture that are important to configuring the policy. Section 3 describes the security model implemented by the example security server. The policy language and the example policy configuration are described in Section 4. Section 5 explains how the policy is built and applied to the system. Configuration files for security-aware applications are discussed in Section 6. Section 7 describes how to customize the policy for various purposes.


for more details, please visit
mirrorservicesites/ftp.wiretappedpub/security/operating-systems/selinux/papers/configuring-the-selinux-policy.pdf

Reply

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page

Quick Reply
Message
Type your reply to this message here.


Image Verification
Please enter the text contained within the image into the text box below it. This process is used to prevent automated spam bots.
Image Verification
(case insensitive)

Possibly Related Threads...
Thread Author Replies Views Last Post
  Policy-by-Example for Online Social Networks pdf study tips 0 466 26-02-2013, 12:44 PM
Last Post: study tips
  SELinux Security Enhanced Linux project girl 0 299 18-01-2013, 03:49 PM
Last Post: project girl
  A Computer Security Policy Report project girl 0 353 29-12-2012, 04:43 PM
Last Post: project girl
  Configuring EIGRP PPT project girl 0 308 20-12-2012, 05:54 PM
Last Post: project girl
  A Policy Enforcing Mechanism for Trusted Ad Hoc Networks seminar ideas 0 375 04-08-2012, 12:03 PM
Last Post: seminar ideas
  Issues of Cryptography Policy seminar ideas 0 403 23-05-2012, 03:16 PM
Last Post: seminar ideas
  Reorganization of Firewalls based on Policy Distribution science projects buddy 1 654 29-12-2010, 12:01 AM
Last Post: science projects buddy
  Configuring Distributed Multimedia Applications Using CINEMA Full Download Seminar computer science crazy 0 1,224 07-04-2009, 09:10 PM
Last Post: computer science crazy
Star Internet Telephony Policy in INDIA Computer Science Clay 0 2,074 25-02-2009, 02:52 PM
Last Post: Computer Science Clay
  Internet Telephony Policy in INDIA computer science crazy 0 3,235 22-09-2008, 10:04 AM
Last Post: computer science crazy