Toward a real MLS/SELinux system for end users: An empirical study

Author

Blanc, Mathieu ; Clemente, Patrice ; Kissi, Steve-William

Author_Institution

CEA, DAM, Arpajon

fYear

2009

fDate

18-22 May 2009

Firstpage

209

Lastpage

216

Abstract

Multi-Level Security (MLS) has been widely used in order to implement confidentiality policies inside organizations, especially into military ones. More recently, some works have been done about the use of MLS inside Security Enhanced Linux (SELinux) operating systems. The main motivation is to have MLS open source system without rewriting applications to work under such OS. Although the MLS mechanisms have been implemented at the operating system level, that doesn´t imply that the system is usable, from an end-user point-of-view. In this paper, we survey the state of the art and technology about the support of MLS under SELinux operating systems. Keeping in mind the main objectives of MLS (i.e., preventing information flows between users), we will deeply experiment OS level mechanisms for MLS control and applications compatibility with such controls. We will discuss remaining issues and future directions to explore.

Keywords

Linux; public domain software; security of data; MLS open source system; SELinux operating systems; confidentiality policies; end users; multilevel security; security enhanced Linux; Application software; Contracts; Data security; Information security; Information systems; Linux; Military computing; Multilevel systems; Operating systems; Protection; Bell - La Padula; Confidentiality; Multi-Level Security; SELinux;

fLanguage

English

Publisher

ieee

Conference_Titel

Collaborative Technologies and Systems, 2009. CTS '09. International Symposium on

Conference_Location

Baltimore, MD

Print_ISBN

978-1-4244-4584-4

Electronic_ISBN

978-1-4244-4586-8

Type

conf

DOI

10.1109/CTS.2009.5067483

Filename

5067483