NetLabel Presentation and Tutorial at LinuxCon

Sep 03, 2009 17:47

In a few weeks I'll be giving a presentation and tutorial on NetLabel at LinuxCon. Both as a speaker and as a member of the audience I've always felt that the best presentations/tutorials are the ones that cover what the audience is really interested in hearing. The only problem is that in most cases the presentation material needs to be ...

netlabel, announcements


Comments 2

chpou August 23 2013, 08:12:18 UTC
Hi Paul,
I have looked for you for days; the email which you left in cipso_ipv4.h is invalid.
Whatever, I found you here; hope you can reply to my questions.
I have been learning CIPSO for days.

Could you tell me how to understand the DOI?
And what is the "DOI Authority"? Is this a server like a domain server?
How do systems in a DOI share security policies and security attributes?

In the draft (CIPSO 2.2), there is a description like:
*********************************************************
"CIPSO has been designed to support multiple security policies.
This Internet Draft provides the format and procedures required to support a Mandatory Access Control security policy.
Support for additional security policies shall be defined in future RFCs."
**********************************************************
But finally CIPSO was not written into an RFC. Does this mean CIPSO just supports MAC security policy and RMSP (described in CIPSO 2.3)?

Reply

paulmoore August 23 2013, 21:16:04 UTC
Hello,

My @hp.com email address is no longer valid as I've changed employers; if you check recent Linux Kernels you will find my correct email address.

DOI stands for "Domain of Interpretation" which basically defines what CIPSO tag types should be used as well as the significance of the sensitivity levels and compartments. Effectively this means that each system communicating with a common CIPSO DOI should share a similar configuration and security policy.

As for CIPSO on Linux, CIPSO is implemented via the NetLabel subsystem which supports both the SELinux and Smack LSM modules. Both SELinux and Smack are MAC implementations that support different security policies as defined by the system administrator.

-Paul

Reply
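
To make the role of the DOI in the reply above concrete, here is an added example (not from the post and not the kernel's NetLabel code) that parses a CIPSO IPv4 option carrying a type 1 tag, using the field layout from the CIPSO draft. The struct, the function names, the sample bytes and the simplified level check in `cipso_accept` are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define CIPSO_OPT_TYPE   134 /* IPv4 option type assigned to CIPSO */
#define CIPSO_TAG_BITMAP 1   /* tag type 1: level + category bitmap */

struct cipso_label {         /* hypothetical struct for this example */
    uint32_t doi;            /* Domain of Interpretation identifier */
    uint8_t  level;          /* sensitivity level, meaningful only within doi */
    uint8_t  cats[30];       /* category bitmap; category 0 is the MSB of cats[0] */
    size_t   cat_len;        /* number of valid bytes in cats */
};

/* Constructed sample: DOI 3, one type 1 tag, level 5, categories 0, 2 and 15. */
static const uint8_t sample_opt[] = { 134, 12, 0, 0, 0, 3, 1, 6, 0, 5, 0xA0, 0x01 };

/* Parse a CIPSO option whose first tag is type 1; 0 on success, -1 if malformed or unsupported. */
int cipso_parse(const uint8_t *opt, size_t len, struct cipso_label *out)
{
    if (len < 6 || opt[0] != CIPSO_OPT_TYPE) return -1;
    size_t opt_len = opt[1];
    /* 6-byte option header plus a 4-byte minimum tag; an IPv4 option is at most 40 bytes */
    if (opt_len < 10 || opt_len > len || opt_len > 40) return -1;
    const uint8_t *tag = opt + 6;
    size_t tag_len = tag[1];
    if (tag[0] != CIPSO_TAG_BITMAP || tag_len < 4 || tag_len > opt_len - 6) return -1;
    out->doi = (uint32_t)opt[2] << 24 | (uint32_t)opt[3] << 16 | (uint32_t)opt[4] << 8 | opt[5];
    out->level = tag[3];     /* tag[2] is the alignment octet */
    out->cat_len = tag_len - 4;
    memcpy(out->cats, tag + 4, out->cat_len);
    return 0;
}

/* Test one category bit; bytes past cat_len are never read. */
int cipso_has_category(const struct cipso_label *l, unsigned cat)
{
    return cat / 8 < l->cat_len && ((l->cats[cat / 8] >> (7 - cat % 8)) & 1);
}

/* Illustrative receive check: a label from another DOI is never interpreted. */
int cipso_accept(const struct cipso_label *l, uint32_t local_doi, uint8_t max_level)
{
    return l->doi == local_doi && l->level <= max_level;
}

int main(void)
{
    struct cipso_label l;
    return cipso_parse(sample_opt, sizeof(sample_opt), &l) != 0 || !cipso_accept(&l, 3, 7);
}
```

The same level and category bytes arriving under a different DOI are rejected by `cipso_accept` rather than compared, since their meaning is defined only by the DOI both hosts are configured for.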

