James Morris (james_morris) wrote,

OpenSolaris to adopt Flask/TE security scheme

As noted at SELinux News, OpenSolaris has launched a new project, Flexible Mandatory Access Control (FMAC), to integrate the Flask/TE security scheme into their OS. This is the same underlying model implemented by SELinux, and follows other cross-platform Flask/TE integration projects such as SEDarwin and SEBSD.

This is very exciting in terms of establishing compatible security across operating systems, particularly for Mandatory Access Control, which has traditionally been narrowly focused and generally incompatible. With FMAC, we're closer to seeing truly ubiquitous, cross-platform MAC security.

I'll be interested to see how they approach the integration, with the opportunity to learn lessons from the SELinux experience.

It'll also be great to have an expanded TE/Flask community. According to their project page, areas of work include improving usability (we can never have enough of that), desktop integration via XACE, integration with Xen (presumably via XSM), Labeled NFS, and Labeled IPSec. It seems they already have a separate project for the latter, txipsec.

I'll be watching with great interest, and would like to offer any assistance in ensuring interoperability with SELinux.
Tags: flask, fmac, mac, mandatory access control, opensolaris, selinux, type enforcement