SELinux Research

Project
By
Leo Miguel
CIS 254

Who initiated the SELinux effort;

when was it started; when was it
completed?
O In 19921993 researchers from The US National

Security Agency and SCC were working on

creating the Distributed Trusted Mach (DTMach)
operating system, which combined the results
achieved from the TMach and LOCK projects.
O It was released as a general access software

product (with the source code distributed under a

GPL license) in December 2000. SELinux was
integrated into the Linux kernel and started to be
distributed for testing for the first time as a
subsystem of the kernel 2.6.0-test3, released on
August 8, 2003.

What are the goals of the SELinux

effort?
O The goals are to demonstrate the flexibility

and security of the mandatory access

controls and to provide a simple working
system with minimal modifications to
applications. These goals include
controlling raw access to data, protecting
the integrity of the kernel, system
software, system configuration information
and system logs among others.

What are the features of SELinux?

O Clean Separation of Policy from
O
O
O
O
O

Enforcement
Well-Defined Policy Interfaces
Independent of Specific Policies and
Policy Languages
Independent of Specific Security Label
Formats and Contents
Individual Labels and Controls for Kernel
Objects and Services
Caching of Access Decisions for
Efficiency

How does each SELinux feature improve Linux

security?
O The security architecture of the system

is general enough to support many

security policy abstractions. The
access controls in the implementation
currently support a combination of two,
type enforcement and role-based
access control. This combination was
chosen because together they provide
powerful tools to construct useful
security policies.

Works Cited (MLA Format)

O

Ivashko, Evgeny. Developer Works. 30 May 2012. 5 12 2013.

<http://www.ibm.com/developerworks/linux/library/lsecure-linux-ru/>.

National Security Agency & Central Security Service. 15

January 2009. 2 December 2013.
<http://www.nsa.gov/research/selinux/faqs.shtml#I18>.

National Security Agency & Central Security Service. 15

January 2009. 2 December 2013.
<http://www.nsa.gov/research/selinux/policy.shtml>.

Why I chose the following sources?

O

Ivashko, Evgeny. Developer Works. 30

May 2012. 5 12 2013.
http://www.ibm.com/developerworks/linu
x/library/l-secure-linux-ru/

______________________________
___
O For this source the site had the
authors name and credentials with
a link to verify it.
O The information is under a website
that has reputation and existed for
long time in the technology
industry.
O The information is only one year
old. Also, the author provides a list
of his references.

National Security Agency & Central Security

Service. 15 January 2009. 2 December 2013.
http://www.nsa.gov/research/selinux/faqs.shtml#I
18

National Security Agency & Central Security

Service. 15 January 2009. 2 December 2013.
http://www.nsa.gov/research/selinux/policy.sh
tml

___________________________________________
____

The agency listed in my sources

above is the company involved in the
development of the SELinux and
NSA/CSS is unique among the U.S.
defense agencies because of our
government-wide responsibilities.
The fact that the site is governmental
it makes it credible. The information
was revised and updated on 2009,
which is not too long ago.

Thank you