SELinux models - Revision history

Jaxelson: /* Introduction to SELinux security models and concepts */ linking security context

Jaxelson — Mon, 13 Sep 2010 21:08:43 GMT

Introduction to SELinux security models and concepts - linking security context

←Older revision		Revision as of 21:08, 13 September 2010
Line 2:		Line 2:


-	SELinux implements a security model that is a combination of SELinux User Identities, Role-Based Access control and [[Type Enforcement]]. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute, and the combination of these Security attributes is called a Security context.	+	SELinux implements a security model that is a combination of SELinux User Identities, Role-Based Access control and [[Type Enforcement]]. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute, and the combination of these Security attributes is called a [[Security context]].

	== SELinux User Identities ==		== SELinux User Identities ==

Jaxelson: /* Introduction to SELinux security models and concepts */ messed up type enforcement link

Jaxelson — Mon, 13 Sep 2010 21:07:47 GMT

Introduction to SELinux security models and concepts - messed up type enforcement link

←Older revision		Revision as of 21:07, 13 September 2010
Line 2:		Line 2:


-	SELinux implements a security model that is a combination of SELinux User Identities, Role-Based Access control and [Type Enforcement]. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute, and the combination of these Security attributes is called a Security context.	+	SELinux implements a security model that is a combination of SELinux User Identities, Role-Based Access control and [[Type Enforcement]]. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute, and the combination of these Security attributes is called a Security context.

	== SELinux User Identities ==		== SELinux User Identities ==

Jaxelson: /* Introduction to SELinux security models and concepts */

Jaxelson — Mon, 13 Sep 2010 21:07:30 GMT

Introduction to SELinux security models and concepts

←Older revision		Revision as of 21:07, 13 September 2010
Line 2:		Line 2:


-	SELinux implements a security model that is a combination of SELinux User Identities, Role-Based Access control and Type Enforcement. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute, and the combination of these Security attributes is called a Security context.	+	SELinux implements a security model that is a combination of SELinux User Identities, Role-Based Access control and [Type Enforcement]. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute, and the combination of these Security attributes is called a Security context.

	== SELinux User Identities ==		== SELinux User Identities ==

DominickGrift: /* User-Based Access Control */

DominickGrift — Thu, 02 Jul 2009 16:55:29 GMT

User-Based Access Control

←Older revision		Revision as of 16:55, 2 July 2009
Line 27:		Line 27:


-	The User-Based Access Control attribute is the first attribute in the Security context. User-Based Access Control is a optional extension to SELinux User Identity concept. ~~The SELinux~~ concept is used to achieve SELinux User Identity separation. Constraints in the security policy define how SELinux User Identities can interact with each others resources.	+	The User-Based Access Control attribute is the first attribute in the Security context. User-Based Access Control is an optional extension to the SELinux User Identity concept. This User-Based Access Control concept is used to achieve SELinux User Identity separation. Constraints in the security policy define how SELinux User Identities can interact with each others resources.

	== Multi Level Security ==		== Multi Level Security ==

DominickGrift: /* Introduction to SELinux security models and concepts */

DominickGrift — Thu, 02 Jul 2009 16:17:03 GMT

Introduction to SELinux security models and concepts

←Older revision		Revision as of 16:17, 2 July 2009
Line 2:		Line 2:


-	SELinux implements a security model that is a combination of SELinux ~~user identities~~, Role-Based Access control and Type Enforcement. ~~Optionally~~ models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute and the combination of these Security attributes is called a Security context.	+	SELinux implements a security model that is a combination of SELinux User Identities, Role-Based Access control and Type Enforcement. Optional models that can be implemented are User-Based Access Control, Multi Level Security or Multi Category Security. Each of these models have a Security attribute, and the combination of these Security attributes is called a Security context.

	== SELinux User Identities ==		== SELinux User Identities ==

DominickGrift: /* User-Based Access Control */

DominickGrift — Thu, 02 Jul 2009 16:01:52 GMT

User-Based Access Control

←Older revision		Revision as of 16:01, 2 July 2009
Line 27:		Line 27:


-	The User-Based Access Control attribute is the first attribute in the Security context. User-Based Access Control is a optional extension to SELinux User Identity concept. The ~~Security model~~ is used to achieve SELinux User Identity separation. Constraints in the security policy define how SELinux User Identities can interact with each others resources.	+	The User-Based Access Control attribute is the first attribute in the Security context. User-Based Access Control is a optional extension to SELinux User Identity concept. The SELinux concept is used to achieve SELinux User Identity separation. Constraints in the security policy define how SELinux User Identities can interact with each others resources.

	== Multi Level Security ==		== Multi Level Security ==

DominickGrift: /* User-Based Access Control */

DominickGrift — Thu, 02 Jul 2009 16:01:01 GMT

User-Based Access Control

←Older revision		Revision as of 16:01, 2 July 2009
Line 27:		Line 27:


-	The User-Based Access Control attribute is the first attribute in the Security context. User-Based Access Control is a optional extension to SELinux User ~~Identities~~. The Security model is used to achieve SELinux User Identity separation. Constraints in the security policy define how SELinux User Identities can interact with each others resources.	+	The User-Based Access Control attribute is the first attribute in the Security context. User-Based Access Control is a optional extension to SELinux User Identity concept. The Security model is used to achieve SELinux User Identity separation. Constraints in the security policy define how SELinux User Identities can interact with each others resources.

	== Multi Level Security ==		== Multi Level Security ==

DominickGrift at 15:59, 2 July 2009

DominickGrift — Thu, 02 Jul 2009 15:59:48 GMT

←Older revision		Revision as of 15:59, 2 July 2009
Line 20:		Line 20:


-	Optional models	+	Optional models and concepts
	----		----

DominickGrift: /* Multi Level Security */

DominickGrift — Thu, 02 Jul 2009 15:54:47 GMT

Multi Level Security

←Older revision		Revision as of 15:54, 2 July 2009
Line 32:		Line 32:


-	The Multi Level Security attribute is the fourth attribute in the Security context. This attribute is used to assign Security levels and Security compartments to processes and ~~files~~ to enforce confidentiality. Constraints in the security policy define how processes and files can interact. Processes are forced to operate on specified Security Levels and in specified Security Compartments. The Multi Level Security model enforces a "no read up and no write down" policy. Multi Level Security and Multi Category Security are mutually exclusive.	+	The Multi Level Security attribute is the fourth attribute in the Security context. This attribute is used to assign Security levels and Security compartments to processes and objects to enforce confidentiality. Constraints in the security policy define how processes and files can interact. Processes are forced to operate on specified Security Levels, and in specified Security Compartments. The Multi Level Security model enforces a "no read up and no write down" policy. Multi Level Security and Multi Category Security are mutually exclusive.

	== Multi Category Security ==		== Multi Category Security ==

DominickGrift at 15:53, 2 July 2009

DominickGrift — Thu, 02 Jul 2009 15:53:59 GMT

←Older revision		Revision as of 15:53, 2 July 2009
Line 17:		Line 17:


-	The Type Enforcement attribute is the third attribute in the Security context. This attribute is used to assign types to processes and ~~files~~. These types can be used to define how processes and objects can interact. Type transitions define whether types for processes and objects can be changed.	+	The Type Enforcement attribute is the third attribute in the Security context. This attribute is used to assign types to processes and objects. These types can be used to define how processes and objects can interact. Type transitions define whether types for processes and objects can be changed.