March 9, 2001
Security-enhanced Linux incorporates a strong, flexible mandatory access control architecture into Linux. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. Using the system's type enforcement and role-based access control abstractions, it is possible to configure the system to meet a wide range of security needs. This presentation will describe the Security-enhanced Linux system. All references are available at http://www.nsa.gov/selinux
Mr. Peter Loscocco is the leader of the Security-enhanced Linux project and continues to work on the development of the prototype Linux system and toward its incorporation into the baseline Linux distribution. He has been a member of the Information Assurance Research Office of the National Security Agency since 1985 where he has studied problems associated with computer and network security. Since the early '90s, he has concentrated his studies in the area of operating system security working toward the development of two prototype secure operating systems, which form the basis for Security-enhanced Linux.