SLIDE 1
Lecture 3 Page 1 CS 236 Online
Lecture 3 Page 2 CS 236 Online
Mandatory Access Control and the Real World
- For a long time, things like Bell-La
Padula were hard to run
- Real-world commercial systems did
not support them
- That’s changing
Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems - - PowerPoint PPT Presentation
Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems - - PowerPoint PPT Presentation
Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 3 Page 1 CS 236 Online Mandatory Access Control and the Real World For a long time, things like Bell-La Padula were hard to run
SLIDE 2
SLIDE 3
Lecture 3 Page 3 CS 236 Online
SE Linux and Flask
- Security Enhanced Linux
– Developed by NSA researchers – Open source, like all Linux
- Implementation of the Flask security
architecture – Which allows flexible use of mandatory access control
SLIDE 4
Lecture 3 Page 4 CS 236 Online
What Can You Do With Flask?
- Multi-level security
– Including Bell La Padula
- Domain Type Enforcement
- Role-based Access Control
- Many other types of mandatory access
control policies
- No superuser, many other common Linux/
Unix security problems avoided
SLIDE 5
Lecture 3 Page 5 CS 236 Online
What Does This Mean For You?
- You can get usable, commercial
- perating systems with MAC
- Even operating systems with strong
industry support
- Well, so what?
SLIDE 6
Lecture 3 Page 6 CS 236 Online
Is MAC For You?
- MAC is only useful where it makes sense to force
policy to be followed
- Typically not on a single user’s personal machine
- More common on industry installations
– Especially those with military connections
- Do you need to guarantee access control