[Security_sig] 10/14 Conf. call minutes

Stephen Smalley sds at epoch.ncsc.mil
Tue Oct 19 09:53:12 PDT 2004


On Tue, 2004-10-19 at 09:43, Andy Murren wrote:
> As I watch the discussion and think about what I believe the goal is in
> this effort, I am seeing some of the same things covered in CGL.  In the
> end I am still not sure what is the correct answer.
> 
> 1.  Levels of security:  Some systems will require MAC, others RBAC will
> be enough, sometimes on two systems sitting next to each other.

Just to clarify, SELinux provides a flexible MAC architecture that can
support a wide range of security models, not just traditional MLS, and
the example policy engine it comes with includes support for RBAC, TE,
and optionally MLS.  To date, very few people have enabled or used the
MLS support, as most people find RBAC/TE to be more suitable to their
security requirements, but a company recently made a public announcement
that they are building a Trusted Linux platform based on SELinux that is
targeted for evaluation against LSPP.  Hence, SELinux can support the
situation you describe.  

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency



