Explore a comprehensive retrospective on 26 years of Flexible Mandatory Access Control (MAC) development and implementation. Delve into the background, motivation, and evolution of MAC architecture through various research systems. Learn about the process of integrating flexible MAC into mainstream systems, its application to mobile platforms, and its role in secure virtualization. Examine the impact of this work on MAC in mainstream systems and discover ongoing efforts to bring MAC to emerging operating systems. Gain insights into the history, lessons learned, and future directions of MAC technology from Stephen Smalley's extensive experience at the National Security Agency.
Retrospective - 26 Years of Flexible Mandatory Access Control
Overview
Syllabus
Intro
MAC: Background & Motivation
MAC: Desired Properties
Traditional MAC • Feed security policy models derived from government clearance/classification system
Traditional MAC: Gaps • Required trusted subjects that could override the security model • Ladied a mechanism to effectively contine and protect the trusted
Type Enforcement (TE)
TE vs Traditional MAC
Flexible MAC Architecture
DTOS Approach to MAC: Benefits • Assurable implementation
Flask & Dynamic Security Policies
Going Mainstream: SE Linux
SELinux Flask in a Monolithic Kernel
SELinux Flask in Linux Userspace
Branching Out: SE BSD and SE Darwin
Android: MAC applied
MAC meets Virtualization
Hypervisors: Microkernels Revisited
SVP: MAC in a system architecture
MAC Futures • Advancing usability without sacrificing security . Composing MAC models Distributed MAC enforcement and management
Taught by
Linux Foundation
