Linked by Thom Holwerda on Wed 5th Mar 2008 09:43 UTC, submitted by diegocg
Sun Solaris, OpenSolaris "OpenSolaris has launched a new project, Flexible Mandatory Access Control, to integrate the Flask/TE security scheme into their OS. This is the same underlying model implemented by SELinux, and follows other cross-platform Flask/TE integration projects such as SEDarwin and SEBSD. This is very exciting in terms of establishing compatible security across operating systems, particularly for Mandatory Access Control, which has traditionally been narrowly focused and generally incompatible. With FMAC, we're closer to seeing truly ubiquitous, cross-platform MAC security."
Permalink for comment 303716
To read all comments associated with this story, please click here.
RE[6]: Trusted Solaris?
by PlatformAgnostic on Fri 7th Mar 2008 02:42 UTC in reply to "RE[5]: Trusted Solaris?"
Member since:

The revocation issue is interesting and one that is totally unsupported by Windows in the current incarnations. It could be implemented for all kernel securable objects, however, without breaking the driver ABI(I've got a way in mind).

Application compatibility, on the other hand, would suffer greatly. And it would create the risk of data loss and mysterious failures when an application can open a file successfully with write access but then fails to write due to asynchronous changes to the ACL. As a practical matter, do these revocations work? Is it easy for an administrator to do it through the tools available, or is this just a theoretical capability of the system?

Reply Parent Score: 2