SELinux IN and OUT
Security Enhanced Linux (SELinux) is a widely used Mandatory Access Control system that is integrated into the Linux kernel. It is an additional layer of security on top of the standard Discretionary Access Control (DAC) system that Unix/Linux and other major operating systems have. SELinux does not nullify DAC; it supports DAC, and its checks are performed after the DAC checks. If DAC allows an operation, SELinux then checks that operation against its set of specified rules and decides based on those rules only. If DAC denies an access, the SELinux checks are not performed. Because DAC gives users full control over the files they own, they can set any permission on those files at their own discretion, including undesirable ones, which could prove dangerous. For this reason SELinux brings the Mandatory Access Control (MAC) mechanism, which enforces rules based on a specified policy and denies access operations if the policy in use does not allow them, even if the file permissions were world-accessible under DAC. In this paper we discuss various SELinux policies and provide a statistical comparison using the standard Delphi method.
SELinux MAC Access Controls
Kashif Ahmad Khan Muhammad Amin Abbas khan afridi Waqas Shehzad
Department of CS NUCES
International conference
2011 International Conference on Information and Computer Networks (ICICN 2011)
Guiyang
English
339-343
2011-01-26 (date first made available online on the Wanfang platform; this is not the paper's publication date)