It’s been 5 months since my last post about my on-going project required by my masters program at SU. With the hope of eventually getting my degree, this is my last post on the subject. In my previous post on this topic I described a quick prototype I coded up to test an example program [...]
In my last post on this topic I gave a quick description of a simulation of the sVirt architecture. Talking about it is only half the work. In this post I’ll show it in action and interpret the output as it relates to the separation goals. Building and Installing After you clone the git repo [...]
We’re getting close to the end of my on-going series exploring the SELinux mlsconstrain. Now that we’ve gone though and used some simple logic to reason through access control decisions it’s time for a simple and practical application. Background In my first post under my MastersProject tag I laid out some of the justification for [...]
In my last post on this topic, we got into what I would consider the second half of Multi-Level Security (MLS). Here we discussed categories, also known as compartments and how they relate to the security model itself. We then extended the short-hand logic adapted from Chu and Older to allow for reasoning through access [...]
There are two parts to a Multi-Level Secuirty (MLS) policy. Now that we’ve covered the sensitivity component it’s time to address the second component which is typically referred to as a category or compartment. Before we get into the rules that govern this policy component however, let’s talk about why we need them. Sensitivities are [...]
In my last post I gave a brief description of the two governing principles of Multi-Level security. I then used a short-hand version of a logical framework from Chin and Older to explain how a reference monitor may use such a logic to make access control decisions. In this post I go one step further [...]
In my last post I introduced a topic I’ve been working on over the past year. That post provided a description of the problem and it’s importance, but didn’t get into the details behind the technologies used in the solution I’ve worked up. This post is the first of several to come that will fill [...]
About a year ago I started working on my masters project. The topic turned out to be … not interesting enough to hold my attention I guess. This ended up being for the best since shortly after losing interest in my first project I got picked up on a project at work that I managed [...]
I’ve continued to make progress in my efforts to get SELinux working on my laptop. My day job has been pretty demanding these days but I ran into a few interesting AVCs and had to come up with a fix that is worth mentioning. Let’s start with the AVCs: avc: denied { read } for [...]
Most of the work that’s gone into the Debian SELinux policy seems to have has been done on servers. After taking a serious look at the AVCs on my laptop it seems that most of the power management stuff isn’t quite working. It was close though so the patch I had to whip up wasn’t [...]
