Integrating Flexible Support for Security Policies into the Linux Operating System

Peter Loscocco (National Security Agency)
Stephen Smalley (NAI Labs)

First published: December 2000
Last revised: February 2001

Abstract

The protection mechanisms of current mainstream operating systems are inadequate to support confidentiality and integrity requirements for end systems. To address this problem, NSA worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on Type Enforcement. The architecture, now called Flask, was prototyped in the Mach and Fluke research operating systems. NSA is now integrating the Flask architecture into the Linux operating system to transfer the technology to a larger developer and user community. NAI Labs, SCC, and MITRE are assisting NSA in this integration. This report presents the design and implementation for integrating the security mechanisms of the Flask architecture into the Linux kernel.

• Portable Document Format (PDF)
• Postscript
• HTML

* To view documents stored as Portable Document Format (PDF) files your local computer must have a viewer application or a Web browser plug-in that supports the PDF file format.

Linux is a registered trademark of Linus Torvalds
MITRE is a registered trademark of The MITRE Corporation
NAI is a trademark of Networks Associates Technology, Inc.
Secure Computing is a registered trademark of Secure Computing Corporation