Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mandatory Access Control and the Real World

Published by茜肩 宿 Modified over 5 years ago

Similar presentations

Presentation on theme: "Mandatory Access Control and the Real World"— Presentation transcript:

1 Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Mandatory Access Control and the Real World
For a long time, things like Bell-La Padula were hard to run Real-world commercial systems did not support them That’s changing

3 SE Linux and Flask Security Enhanced Linux
Developed by NSA researchers Open source, like all Linux Implementation of the Flask security architecture Which allows flexible use of mandatory access control

4 What Can You Do With Flask?
Multi-level security Including Bell La Padula Domain Type Enforcement Role-based Access Control Many other types of mandatory access control policies No superuser, many other common Linux/Unix security problems avoided

5 Flask and Solaris Flask architecture to be added to Oracle Solaris operating system Essentially the same architecture as in SE Linux

6 What Does This Mean For You?
You can get usable, commercial operating systems with MAC Even operating systems with strong industry support Well, so what?

7 Is MAC For You? MAC is only useful where it makes sense to force policy to be followed Typically not on a single user’s personal machine More common on industry installations Especially those with military connections Do you need to guarantee access control properties? Regardless of how foolish your users are?

Download ppt "Mandatory Access Control and the Real World"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
JENNIS SHRESTHA CSC 345 April 22, 2014. Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.
Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,

Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,
Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.

1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.
SELinux (Security Enhanced Linux) By: Corey McClurg.

SELinux (Security Enhanced Linux) By: Corey McClurg.
Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.

Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.
Shane Jahnke CS591 December 7, 2009.  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.

Shane Jahnke CS591 December 7,  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.
SELinux. 2SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM)

SELinux. 2SELinux Wikipedia says: Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM)
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
8.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 8: Introducing Computer Accounts.

8.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 8: Introducing Computer Accounts.
Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.

Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.
1 Implementation of Security-Enhanced Linux Yue Cui Xiang Sha Li Song CMSC 691X Project 2—Summer 02.

1 Implementation of Security-Enhanced Linux Yue Cui Xiang Sha Li Song CMSC 691X Project 2—Summer 02.

Similar presentations

Ads by Google