Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: [OT] SELinux vs. other systems [was Re: [idea] udev + selinux]
From: Richard Troth <rtroth_at_bmc.com>
Date: Wed, 1 Sep 2004 09:23:42 -0500 (CDT)
Tough questions. Good questions!
> Compare this to less complex security provided by e.g. the Linux Ahhh... virtual machines. (And I don't mean Java.) I'm thinking VMware and (esp) z/VM (IBM style mainframe). Been using both or years, VMware since 1.0 beta and mainframe since ... well ... I was pretty young at the time. But not for security per-se, they have other interesting features. Linas' mention of VServer and its side-effect security reminds me of something I read in the anals of VM hisory: http://vm.marist.edu/~vmshare/browse?fn=VMHIST07&ft=NOTE (Stephen, Howard, and the rest and friends at the NSA please take no offense. I found this terribly entertaining.) Even from its earliest days, VM (CP) isolated each user, so: "On another occasion we almost had an in-house protest. Among the early users of CP-67/CMS were both the National Security Agency and the CIA; the fact that the DAT hardware isolated each user in his own address space was viewed as a powerful system security feature. One time in 1970, I think, the CIA sent two of their people to Cambridge to talk about something that Ed Hendricks had developed or was working on. In the atmosphere of the time, none of the technical people at CSC, especially Ed, wanted to talk to them at all! Ed stormed around the halls muttering "damned spooks!" for half an hour or more before Craig Johnson and Norm Rasmussen were able to coerce him into the meeting. Even more amazing is that they were spooks; there was a man and a woman, both of slightly below-average height, average build, average everything! You could stand and talk directly to them or study them for five minutes or more, but if you turned around there was nothing to remember and nothing to describe; they were effectively invisible." Thanks to Lynn Wheeler for helping me dig this up.
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 1 Sep 2004 - 10:25:20 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |