Security-Enhanced Linux

Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating system kernels, such as those of Linux and BSD. Its architecture strives to reduce the amount of software charged with security policy enforcement. This is closely aligned with the Trusted Computer System Evaluation Criteria (TCSEC, also known as the Orange Book) requirement for trusted computing base (TCB) minimization (applicable to evaluation classes B3 and A1), but, contrary to what is often claimed, is quite unrelated to the least privilege requirement (B2, B3, A1).[citation needed] The germinal concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency.

Overview

SELinux was primarily developed by the United States National Security Agency. It was released to the open source development community under the GNU GPL on December 22, 2000, and merged into the mainline kernel in version 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Secure Computing Corporation, Trusted Computer Solutions, and Tresys. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems.
