Rechercher
Derniers sujets
Security and research in F.S.:)!
Page 1 sur 1
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Re: Security and research in F.S.:)!
Research
"Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them." — M. Gosser
NSA designates University of California, Davis a Center of Academic Excellence in Information Assurance Education.
--
"Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them." — M. Gosser
NSA designates University of California, Davis a Center of Academic Excellence in Information Assurance Education.
--
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Re: Security and research in F.S.:)!
'The Information Assurance mission confronts the formidable challenge of preventing foreign adversaries from gaining access to sensitive or classified national security information. The Signals Intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations. This Agency also enables Network Warfare operations to defeat terrorists and their organizations at home and abroad, consistent with U.S. laws and the protection of privacy and civil liberties.'
--
--
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Re: Security and research in F.S.:)!
They implemented and promoted SELinux, among others topics.... reputed to be a way to hav an eyes on/in it:(?
http://www.nsa.gov/research/selinux/index.shtml
--
http://www.nsa.gov/research/selinux/index.shtml
--
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Re: Security and research in F.S.:)!
Security-Enhanced Linux
As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's National Information Assurance Research Laboratory have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.
End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security.
The results of several previous research projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. A reference implementation of this architecture was first integrated into a security-enhanced Linux® prototype system in order to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work.
The architecture provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.
This work is not intended as a complete security solution. It is not an attempt to correct any flaws that may currently exist in an operating system. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including an administrator process, can be added into a system. The focus of this work has not been on system assurance or other security features such as security auditing, although these elements are also important for a secure system.
The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The reference implementation included a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.
There is still much work needed to develop a complete security solution. Nonetheless, we feel we have presented a good starting point to bring valuable security features to mainstream operating systems. We are looking forward to building upon this work with other developers and users. Participation with comments, constructive criticism, and/or improvements is welcome.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
FreeBSD® is a registered trademark of the FreeBSD Foundation.
Solaris™ is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries.'
--
As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's National Information Assurance Research Laboratory have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.
End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security.
The results of several previous research projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. A reference implementation of this architecture was first integrated into a security-enhanced Linux® prototype system in order to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work.
The architecture provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.
This work is not intended as a complete security solution. It is not an attempt to correct any flaws that may currently exist in an operating system. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including an administrator process, can be added into a system. The focus of this work has not been on system assurance or other security features such as security auditing, although these elements are also important for a secure system.
The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The reference implementation included a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.
There is still much work needed to develop a complete security solution. Nonetheless, we feel we have presented a good starting point to bring valuable security features to mainstream operating systems. We are looking forward to building upon this work with other developers and users. Participation with comments, constructive criticism, and/or improvements is welcome.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
FreeBSD® is a registered trademark of the FreeBSD Foundation.
Solaris™ is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries.'
--
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Re: Security and research in F.S.:)!
Their 'prose' aka Defense Act something... etc:(!
http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=2353&zoneid=300
--
http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=2353&zoneid=300
--
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Re: Security and research in F.S.:)!
Milux a écrit:They implemented and promoted SELinux, among others topics.... reputed to be a way to hav an eyes on/in it:(?
http://www.nsa.gov/research/selinux/index.shtml
--
Well depend that idea too :
http://www.cs.utah.edu/flux/fluke/html/dtos/HTML/dtos.html
--
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Re: Security and research in F.S.:)!
It's not reputed it's a way in normalysing the Secure Extended Linux,BSD and BeOS among others, by FLASK 2:)!
http://www.cs.utah.edu/flux/fluke/html/flask.html
--
http://www.cs.utah.edu/flux/fluke/html/flask.html
--
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Milux- Messages : 2794
Date d'inscription : 30/08/2010
Sujets similaires
» Security/Debian et autres:(!
» Wupen security:(!
» Security Exploits:(!
» Security under LL and in general:)!
» Wupen security:(!
» Security Exploits:(!
» Security under LL and in general:)!
Page 1 sur 1
Permission de ce forum:
Vous ne pouvez pas répondre aux sujets dans ce forum
Mar 19 Mai - 19:29 par Milux
» News #Open source, #FOSS , #Linux et autres #Freewares et #Free-mobile
Jeu 30 Mai - 15:29 par Milux
» Quelques news 'Portnawak' & autres bilevesées:(!
Jeu 30 Mai - 15:12 par Milux
» TinyLinux : Pupy
Mar 28 Mai - 17:41 par Milux
» Topics of interrest, FOSS et évolutions & relayés sur Sccop.it :)!
Jeu 16 Mai - 13:42 par Milux
» Après F.B. google Buzz & iGoogle, G+1 arrive:>?
Jeu 16 Mai - 11:41 par Milux
» Buzz, Blogs, FB et pages de sites censurées - Google +:<? -
Jeu 16 Mai - 11:33 par Milux
» Jaime pas, mais j'en parle aussi :)?
Mer 1 Mai - 18:30 par Milux
» J'aime, donc j'en parle:)!
Mer 17 Avr - 15:24 par Milux