SELinux Symposium Notes: Session 1

[Editor’s note: these were notes I took during the talks given at the SELinux Symposium. The nodes probably have errors and are definitely incomplete, so don’t go treating them as canonical sources of information or anything. Enjoy the behind-the-scenes peek at how I take notes: a minefield of lousy formatting disjointed grammar.]

Keynote Address: The Road to Practical Mandatory Security in Mainstream Operating Systems – an historical perspective (Steve Walker, Steve Walker & Associates)

research into building security into OSes never got into mainstream systems
world isn’t going to build many more new OSes…
[fun fact: "Al Gore invented Internet" jokes still not funny]
NSA acquiring whatever computer hardware they could purchase (no OSes – none existed yet, largely – just hardware)
on to ARPA, in charge of security stuff
Multics origin of many ideas, but never became mainstream – targetted non-mainstream hardware
UNIX developed –> KSOS effort to make secure kernelized OS – never caught on
as with multi-level VMs, secure XENIX (acquired by TIS), trusted Mach (B3) (died because buzz around NT, not UNIX)
SELinux the exception? (Red Hat backing) – bringing security to mainstream OS
network security:
sending classified data over ARPAnet – encryptors keyed using paper tape, only point-to-point
no control cables around crypto in theory, but did it in practice (covert channels)
limitation: getting multiple copies of paper-tape key – led to developing built-in crypto
DoD using ARPAnet instead of separate network sank funds into Internet’s development
fun fact: TIS hosted originally until White House set up connectivity –> June ’93 + 20 months (messages put on floppies, send to White House for volunteers to answer)

SELinux Year in Review (invited talk) (Stephen D. Smalley, NSA)

year ago: distro support either optional ad-on or with limited scope (eg only server environments)
now: coverage expanded in Fedora, becoming mainstreamed in Debian & elsewhere
MLS, auditing: enhanced & increasingly mainstreamed; RHEL5 undergoing evaluation
monolithic & static policy w/ little, ad-hoc customization –> modules, refpolicy, management APIs (foundational support is now there to build on)
labeling: not for networking, nonatomic file labeling, etc –> new overcome
future: distributed mgmt, IDE, protecting networks, desktop support & protecting app-level objects (SELinux aware apps…), etc

2 Responses

  1. [fun fact: “Al Gore invented Internet” jokes still not funny]

    That was a fun fact.

  2. That line in the notes marks the second time someone had made a reference to that at the conference. Keep in mind that this was the first session on the first day.

    Later, when Stephen Smalley asked me how I wanted to be introduced during my session, he remarked that the introduction had to be true and said I couldn’t claim credit for inventing the Internet. I replied that that joke was done to death already.

    I did consider asking for a “vague Charlie” type of introduction, but no one there would’ve gotten the in-joke and I wasn’t sure how well it would be received. People did seem to like my final slide, however.

Comments are closed.