What is Type Enforcement Model in SELinux?

What is Type Enforcement Model in SELinux?

[Kernel freak]

[-- Attachment #1: Type: text/plain, Size: 406 bytes --]

Hello Friends,
                     I am writing a report and I need to write about TE
model in SELinux. I searched around the net, but all the articles I read
beat around the bush and never say like ok, this is TE model for SELinux.
Can anyone be so kind and please point me out to some links which say about
TE model in SELinux and if possible an appropriate model. Thank you for
your time and patience.

[-- Attachment #2: Type: text/html, Size: 463 bytes --]

Re: What is Type Enforcement Model in SELinux?

[Bryan Harris]

I am also new to selinux but I believe what you're looking for is MAC mandatory access control.

http://en.m.wikipedia.org/wiki/SELinux

Hope this helps and doesn't make things worse for you. (-:

Bryan

> On Mar 1, 2014, at 6:23 AM, Kernel freak <kernelfreak@gmail.com> wrote:
> 
> Hello Friends,
>                      I am writing a report and I need to write about TE model in SELinux. I searched around the net, but all the articles I read beat around the bush and never say like ok, this is TE model for SELinux. 
> Can anyone be so kind and please point me out to some links which say about TE model in SELinux and if possible an appropriate model. Thank you for your time and patience.
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.

Re: What is Type Enforcement Model in SELinux?

[Kernel freak]

[-- Attachment #1: Type: text/plain, Size: 1333 bytes --]

On Sat, Mar 1, 2014 at 2:14 PM, Bryan Harris <bryanlharris@me.com> wrote:

> I am also new to selinux but I believe what you're looking for is MAC
> mandatory access control.
>
> http://en.m.wikipedia.org/wiki/SELinux
>
> Hope this helps and doesn't make things worse for you. (-:
>

Sorry, but I don't believe it is.

>
> Bryan
>
> > On Mar 1, 2014, at 6:23 AM, Kernel freak <kernelfreak@gmail.com> wrote:
> >
> > Hello Friends,
> >                      I am writing a report and I need to write about TE
> model in SELinux. I searched around the net, but all the articles I read
> beat around the bush and never say like ok, this is TE model for SELinux.
> > Can anyone be so kind and please point me out to some links which say
> about TE model in SELinux and if possible an appropriate model. Thank you
> for your time and patience.
> > _______________________________________________
> > Selinux mailing list
> > Selinux@tycho.nsa.gov
> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> > To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
>

[-- Attachment #2: Type: text/html, Size: 2344 bytes --]

Re: What is Type Enforcement Model in SELinux?

[Brandon Whalen]

On Sat, Mar 1, 2014 at 8:26 AM, Kernel freak <kernelfreak@gmail.com> wrote:
>
>
>
> On Sat, Mar 1, 2014 at 2:14 PM, Bryan Harris <bryanlharris@me.com> wrote:
>>
>> I am also new to selinux but I believe what you're looking for is MAC
>> mandatory access control.
>>
>> http://en.m.wikipedia.org/wiki/SELinux
>>
>> Hope this helps and doesn't make things worse for you. (-:
>
>
> Sorry, but I don't believe it is.
>>
>>
>> Bryan
>>
>> > On Mar 1, 2014, at 6:23 AM, Kernel freak <kernelfreak@gmail.com> wrote:
>> >
>> > Hello Friends,
>> >                      I am writing a report and I need to write about TE
>> > model in SELinux. I searched around the net, but all the articles I read
>> > beat around the bush and never say like ok, this is TE model for SELinux.
>> > Can anyone be so kind and please point me out to some links which say
>> > about TE model in SELinux and if possible an appropriate model. Thank you
>> > for your time and patience.

SELinux doesn't just implement TE. It can implement RBAC, UBAC, TE,
and can also do MLS. To understand the threat SELinux and TE are
trying to mitigate read
http://www.nsa.gov/research/_files/publications/inevitability.pdf and
then you can read
https://lwn.net/2001/features/OLS/pdf/pdf/selinux.pdf to see how the
design of SELinux is meant to deal with those threats.


>> > _______________________________________________
>> > Selinux mailing list
>> > Selinux@tycho.nsa.gov
>> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
>> > To get help, send an email containing "help" to
>> > Selinux-request@tycho.nsa.gov.
>>
>> _______________________________________________
>> Selinux mailing list
>> Selinux@tycho.nsa.gov
>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
>> To get help, send an email containing "help" to
>> Selinux-request@tycho.nsa.gov.
>
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
>

Re: What is Type Enforcement Model in SELinux?

[Joshua Brindle]

Kernel freak wrote:
> Hello Friends,
>                       I am writing a report and I need to write about TE
> model in SELinux. I searched around the net, but all the articles I read
> beat around the bush and never say like ok, this is TE model for SELinux.
> Can anyone be so kind and please point me out to some links which say
> about TE model in SELinux and if possible an appropriate model. Thank
> you for your time and patience.
>

You are probably having problems finding a succinct description of the 
model because, to my knowledge, there is no complete description as it 
exists today.

I'm sure Stephen will have other suggestions but you can start with the 
old Flask papers:
http://www.cs.utah.edu/flux/fluke/html/flask.html

The type enforcement access matrix model hasn't much changed since then 
but various things related to what that means on a system have (such as 
constraints, network access control, named transitions) evolved over time.

Re: What is Type Enforcement Model in SELinux?

[Kernel freak]

[-- Attachment #1: Type: text/plain, Size: 1242 bytes --]

Hello all,
                  Thank you very much for the information. I will read and
get back. You were right Joshua, I cannot find a description of the model.


On Sat, Mar 1, 2014 at 3:01 PM, Joshua Brindle <brindle@quarksecurity.com>wrote:

> Kernel freak wrote:
>
>> Hello Friends,
>>                       I am writing a report and I need to write about TE
>> model in SELinux. I searched around the net, but all the articles I read
>> beat around the bush and never say like ok, this is TE model for SELinux.
>> Can anyone be so kind and please point me out to some links which say
>> about TE model in SELinux and if possible an appropriate model. Thank
>> you for your time and patience.
>>
>>
> You are probably having problems finding a succinct description of the
> model because, to my knowledge, there is no complete description as it
> exists today.
>
> I'm sure Stephen will have other suggestions but you can start with the
> old Flask papers:
> http://www.cs.utah.edu/flux/fluke/html/flask.html
>
> The type enforcement access matrix model hasn't much changed since then
> but various things related to what that means on a system have (such as
> constraints, network access control, named transitions) evolved over time.
>

[-- Attachment #2: Type: text/html, Size: 1862 bytes --]

Re: What is Type Enforcement Model in SELinux?

[Kernel freak]

[-- Attachment #1: Type: text/plain, Size: 1787 bytes --]

Hello Friends,
                    I had already read the *inevitability* paper before, so
I went to the next paper as mentioned by Branden. Unfortunately, it
discusses TE ACM and TE policies.
As for the flask papers, SELinux inherits FLASK features, but nothing
relevant to TE model was found.
I am still looking for an explanation for this, anything more would be
helpful. Thank you very much for your time and patience guys.


On Sat, Mar 1, 2014 at 3:08 PM, Kernel freak <kernelfreak@gmail.com> wrote:

> Hello all,
>                   Thank you very much for the information. I will read and
> get back. You were right Joshua, I cannot find a description of the model.
>
>
> On Sat, Mar 1, 2014 at 3:01 PM, Joshua Brindle <brindle@quarksecurity.com>wrote:
>
>> Kernel freak wrote:
>>
>>> Hello Friends,
>>>                       I am writing a report and I need to write about TE
>>> model in SELinux. I searched around the net, but all the articles I read
>>> beat around the bush and never say like ok, this is TE model for SELinux.
>>> Can anyone be so kind and please point me out to some links which say
>>> about TE model in SELinux and if possible an appropriate model. Thank
>>> you for your time and patience.
>>>
>>>
>> You are probably having problems finding a succinct description of the
>> model because, to my knowledge, there is no complete description as it
>> exists today.
>>
>> I'm sure Stephen will have other suggestions but you can start with the
>> old Flask papers:
>> http://www.cs.utah.edu/flux/fluke/html/flask.html
>>
>> The type enforcement access matrix model hasn't much changed since then
>> but various things related to what that means on a system have (such as
>> constraints, network access control, named transitions) evolved over time.
>>
>
>

[-- Attachment #2: Type: text/html, Size: 2755 bytes --]

Re: What is Type Enforcement Model in SELinux?

[Stephen Smalley]

Have you read this technical report?
http://www.nsa.gov/research/_files/selinux/papers/policy2-abs.shtml

On Sat, Mar 1, 2014 at 6:23 AM, Kernel freak <kernelfreak@gmail.com> wrote:
> Hello Friends,
>                      I am writing a report and I need to write about TE
> model in SELinux. I searched around the net, but all the articles I read
> beat around the bush and never say like ok, this is TE model for SELinux.
> Can anyone be so kind and please point me out to some links which say about
> TE model in SELinux and if possible an appropriate model. Thank you for your
> time and patience.
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
>