SEFlow
 

flexible data flow control

SELinux provides a very powerful means of controlling information processing policies inside a computing system. The problem is that it is often understood as a complete drop-in solution for Linux systems. This view misses an important point: the standard distribution of SELinux consists of two parts, an in-kernel module that actually constrains the system and a base policy that defines what should be allowed. The base policy (and most other available policies, as they are based on it) enforces a rather specific approach to system security. If it does not fit an existing workflow, users can easily be tempted to weaken it so that the workflow remains possible. This way, the provided security quickly becomes useless.

SEFlow uses the in-kernel interface of SELinux to follow a more dynamic approach to security: by extending a minimal base policy using primitives, security can be incrementally increased towards a useful level.

For further information, please have a look at the project page and at the developer information.

