
A Security Policy Configuration for the Security-Enhanced Linux



Stephen Smalley and Timothy Fraser (NAI Labs)

First published December 2000

Last revised February 2001

Abstract

The National Security Agency's Information Assurance Research Office is integrating a flexible mandatory access control architecture called Flask into the Linux operating system. The Secure Execution Environments (SEE) group at NAI Labs is developing a Role-Based Access Control (RBAC) and Type Enforcement (TE) security policy configuration for Security-enhanced Linux. This paper describes the current state of this security policy configuration. The paper begins with an overview of the security policy configuration. It then discusses the details of the configuration for Type Enforcement, Role-Based Access Control, users, constraints, and security contexts. A separate configuration used to initially set file security contexts is then described. Finally, the paper describes configuration extensions to support the installation of the system.

