Saturday, November 01, 2008

Good Recent Paper to Get Up to Speed on SELinux

James Morris (of Red Hat) has one of the better papers seen so far, "Have you driven an SELinux lately?"

Among the areas for future work, he lists:

• Continued extension of SELinux architecture to the desktop infrastructure and major applications. The Imsep work mentioned in section 10.1 looks to be a promising model for general separation of security domains within applications.
• Working with the IETF to standardize Labeled NFS, and with the Linux community to have it accepted into the mainline kernel.
• Ongoing performance improvement, and efforts to further reduce the memory footprint of SELinux.
• Further simplification of policy, perhaps through the development of a higher-level policy language with idioms more familiar to Linux administrators.
• Support for more virtualization models, including Linux as hypervisor (e.g. KVM) and containers.
• Improved support for third party distribution of policy modules, such as the case of cross-building RPMs on systems with a conflicting host policy.
• Continued usability improvements for end users, administrators and developers.
• Better documentation.
