Computer Science and SE Linux

Computer Science and SE Linux

[Russell Coker]

I'm going to offer a lecture about the Computer Science aspects of SE Linux in 
the near future.  Here's a quick summary of what I'm thinking of speaking 
about.

MAC vs DAC.

Domain-Type as a concept (not details of implementation).

LSM as a concept.

PAM and cron modifications.  Generally how the Unix users fit in with SE Linux 
and how that can be extended to other MAC systems.

Why we modify init and what other options were tested.

MLS as a concept in general.

File labelling, why and how.

Algorithms for optimising setfiles.

I'd like to speak about some features of the kernel code.  I recall reading 
about the optimisations for 32 core systems some time ago, I'm sure there's 
something in that which is worth mentioning.  It's not an area that I've 
worked on, can anyone suggest something I should read about this?

Any suggestions for other things I should mention?  Note that I'm not planning 
to mention anything about how to actually use SE Linux.  There are lots of web 
sites about that and I could offer a lecture on that topic at a different venue.  
The previous lecture in the series was about the design of the Enigma machines 
for WW2 cryptography.  The audience want to generally learn about maths and 
science not necessarily learn things that they can actually do.

Also the format of the presentation is that it has to finish quickly when the 
pizza arrives.  So the items at the bottom of the list may get skipped.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Re: Computer Science and SE Linux

[Thomas Rozenbroek]

Will these lecture(s) be recorded and made available to those of us, who 
are not able to attend?

Thank you for your efforts

Respectfully,

thr
-----

On 10/3/2015 6:38 AM, Russell Coker wrote:
> I'm going to offer a lecture about the Computer Science aspects of SE Linux in
> the near future.  Here's a quick summary of what I'm thinking of speaking
> about.
>
> MAC vs DAC.
>
> Domain-Type as a concept (not details of implementation).
>
> LSM as a concept.
>
> PAM and cron modifications.  Generally how the Unix users fit in with SE Linux
> and how that can be extended to other MAC systems.
>
> Why we modify init and what other options were tested.
>
> MLS as a concept in general.
>
> File labelling, why and how.
>
> Algorithms for optimising setfiles.
>
> I'd like to speak about some features of the kernel code.  I recall reading
> about the optimisations for 32 core systems some time ago, I'm sure there's
> something in that which is worth mentioning.  It's not an area that I've
> worked on, can anyone suggest something I should read about this?
>
> Any suggestions for other things I should mention?  Note that I'm not planning
> to mention anything about how to actually use SE Linux.  There are lots of web
> sites about that and I could offer a lecture on that topic at a different venue.
> The previous lecture in the series was about the design of the Enigma machines
> for WW2 cryptography.  The audience want to generally learn about maths and
> science not necessarily learn things that they can actually do.
>
> Also the format of the presentation is that it has to finish quickly when the
> pizza arrives.  So the items at the bottom of the list may get skipped.
>

Re: Computer Science and SE Linux

[Russell Coker]

No. But I'll probably write a blog post covering much of that material - at least the areas that I've personally worked on.

On October 4, 2015 1:35:45 PM GMT+11:00, Thomas Rozenbroek <tom.rozenbroek@comcast.net> wrote:
>Will these lecture(s) be recorded and made available to those of us,
>who 
>are not able to attend?
>
>Thank you for your efforts
>
>Respectfully,
>
>thr
>-----
>
>On 10/3/2015 6:38 AM, Russell Coker wrote:
>> I'm going to offer a lecture about the Computer Science aspects of SE
>Linux in
>> the near future.  Here's a quick summary of what I'm thinking of
>speaking
>> about.
>>
>> MAC vs DAC.
>>
>> Domain-Type as a concept (not details of implementation).
>>
>> LSM as a concept.
>>
>> PAM and cron modifications.  Generally how the Unix users fit in with
>SE Linux
>> and how that can be extended to other MAC systems.
>>
>> Why we modify init and what other options were tested.
>>
>> MLS as a concept in general.
>>
>> File labelling, why and how.
>>
>> Algorithms for optimising setfiles.
>>
>> I'd like to speak about some features of the kernel code.  I recall
>reading
>> about the optimisations for 32 core systems some time ago, I'm sure
>there's
>> something in that which is worth mentioning.  It's not an area that
>I've
>> worked on, can anyone suggest something I should read about this?
>>
>> Any suggestions for other things I should mention?  Note that I'm not
>planning
>> to mention anything about how to actually use SE Linux.  There are
>lots of web
>> sites about that and I could offer a lecture on that topic at a
>different venue.
>> The previous lecture in the series was about the design of the Enigma
>machines
>> for WW2 cryptography.  The audience want to generally learn about
>maths and
>> science not necessarily learn things that they can actually do.
>>
>> Also the format of the presentation is that it has to finish quickly
>when the
>> pizza arrives.  So the items at the bottom of the list may get
>skipped.
>>

-- 
Sent from my Samsung Galaxy Note 3 with K-9 Mail.

Re: Computer Science and SE Linux

[Hal Martin]

[-- Attachment #1: Type: text/plain, Size: 3723 bytes --]

Russell, that really might be nice... SELinux is a really amazingly
wonderful effort to do go things with the available technology to achieve
successful outcomes in the nominal positive operation of functional
security controls. It is, however, subject to the same conditions that
killed Trusted Solaris 8, 10 with TNE, and lots of other things. Sys Admins
who just really didn't want to get into figuring our applications and what
programmers where asking the OS to do, via calls and required privs... so
finding a balance, figuring out what effectively IS 'least priv' = tood
hard except for well defined roles and well understood applications. imho.
So anything you can do, if you understand things, to get next generation
interested and running with SELinux, will help all of us in the long run.
Best, Hal


'Cyberspace' as a term is sort of over. It's over in the way that, after a
certain time, people stopped using the suffix '-electro' to make things
cool, because everything was electrical. 'Electro' was all over the early
20th century, and now it's gone. I think 'cyber' is sort of the same way.

William Gibson


pgp-public-key-fingerprint-hal-martin-hmarti2atumbcdotedu
65F3 E8EF 02D9 81FA 0CD1 477A 40FC 0838 776E 4538


On Sun, Oct 4, 2015 at 11:56 AM, Russell Coker <russell@coker.com.au> wrote:

> No. But I'll probably write a blog post covering much of that material -
> at least the areas that I've personally worked on.
>
> On October 4, 2015 1:35:45 PM GMT+11:00, Thomas Rozenbroek <
> tom.rozenbroek@comcast.net> wrote:
> >Will these lecture(s) be recorded and made available to those of us,
> >who
> >are not able to attend?
> >
> >Thank you for your efforts
> >
> >Respectfully,
> >
> >thr
> >-----
> >
> >On 10/3/2015 6:38 AM, Russell Coker wrote:
> >> I'm going to offer a lecture about the Computer Science aspects of SE
> >Linux in
> >> the near future.  Here's a quick summary of what I'm thinking of
> >speaking
> >> about.
> >>
> >> MAC vs DAC.
> >>
> >> Domain-Type as a concept (not details of implementation).
> >>
> >> LSM as a concept.
> >>
> >> PAM and cron modifications.  Generally how the Unix users fit in with
> >SE Linux
> >> and how that can be extended to other MAC systems.
> >>
> >> Why we modify init and what other options were tested.
> >>
> >> MLS as a concept in general.
> >>
> >> File labelling, why and how.
> >>
> >> Algorithms for optimising setfiles.
> >>
> >> I'd like to speak about some features of the kernel code.  I recall
> >reading
> >> about the optimisations for 32 core systems some time ago, I'm sure
> >there's
> >> something in that which is worth mentioning.  It's not an area that
> >I've
> >> worked on, can anyone suggest something I should read about this?
> >>
> >> Any suggestions for other things I should mention?  Note that I'm not
> >planning
> >> to mention anything about how to actually use SE Linux.  There are
> >lots of web
> >> sites about that and I could offer a lecture on that topic at a
> >different venue.
> >> The previous lecture in the series was about the design of the Enigma
> >machines
> >> for WW2 cryptography.  The audience want to generally learn about
> >maths and
> >> science not necessarily learn things that they can actually do.
> >>
> >> Also the format of the presentation is that it has to finish quickly
> >when the
> >> pizza arrives.  So the items at the bottom of the list may get
> >skipped.
> >>
>
> --
> Sent from my Samsung Galaxy Note 3 with K-9 Mail.
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
>

[-- Attachment #2: Type: text/html, Size: 5316 bytes --]