安全协议与标准07c-SELinux.pptVIP

安全协议与标准 linfb@ 2007, 11 SELinux Access control MAC (Mandatory access control) DAC (Discretionary access control) SELinux in kernel 2.6 安全操作系统 传输安全 系统安全 端系统安全 安全操作系统 TCSEC/CC SELinux Security-Enhanced Linux by NSA（The National Security Agency） SCC（Secure Computing Corporation） /selinux/ Linux的一个强制访问控制(MAC)安全扩展模块 起源于Flux/Flask 2000年以 GPL 发布 2003 Aug 8 merged into the mainline kernel 2.6.0-test3 --- From NSA Security-enhanced Linux Team NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals. SELinux的直接来源 Flask (Flux Advanced Security Kernel) is an operating system security architecture that provides flexible support for security policies. The architecture was prototyped in the Fluke research operating system. It is a core framework in security-focused operating systems such as NSAs Security-Enhanced Linux (SELinux) and TrustedBSD. 促成SELinux的其他相关项目 NSA SCC: Distributed Trusted Mach?(DTMach), an outgrowth of the TMach project and the LOCK?project. The DTMach project was continued in the Distributed Trusted Operating System (DTOS) project Other contributors to the Security-Enhanced Linux system include NAI Labs, Secure Computing Corporation, and MITRE. OSKit (?), a framework and a set of 34 component libraries oriented to operating systems, together with extensive documentation, by Utah. OSKit OSKIT是美国犹它大学计算机科学系FLUX研究组编写的一套用于架构操作系统内核、服务器和其他OS级软件的框架及模块化的部件和库程序。 OSKIT的编写者认为，操作系统中有很大一部分模块是系统必须的，