Linked by Thom Holwerda on Wed 5th Mar 2008 09:43 UTC, submitted by diegocg
Sun Solaris, OpenSolaris "OpenSolaris has launched a new project, Flexible Mandatory Access Control, to integrate the Flask/TE security scheme into their OS. This is the same underlying model implemented by SELinux, and follows other cross-platform Flask/TE integration projects such as SEDarwin and SEBSD. This is very exciting in terms of establishing compatible security across operating systems, particularly for Mandatory Access Control, which has traditionally been narrowly focused and generally incompatible. With FMAC, we're closer to seeing truly ubiquitous, cross-platform MAC security."
Permalink for comment 303505
To read all comments associated with this story, please click here.
RE[4]: Trusted Solaris?
by PlatformAgnostic on Wed 5th Mar 2008 17:09 UTC in reply to "RE[3]: Trusted Solaris?"
PlatformAgnostic
Member since:
2006-01-02

Any idea why the cost is so high?

On Windows, we do the expensive security check when you open a handle (aka fd) and you are granted tbe desired rights until you close the handle. There is a cost when using handles of checking that the handle has been given the right needed for each operation, but it's a single AND and a comparison that happens in the handle table lookup codepath.

What does SELinux do that is more expensive?

Reply Parent Score: 3