Re: Media Excitement!

[robert () dyadsecurity com]

Cody Hatch(bytejump () gmail com)@Fri, Apr 22, 2005 at 12:25:39PM -0600:
> The question is, how do we strengthen the OS while we wait for lazy
> developers to get in the boat? Is RBAC the only effective answer
> currently?

Domain/Type Enforcement managed by RBAC can be effective. From our
independant analisys the SE Linux project has implemented many security
mechanisms that start to mitigate the Transitory nature of privledges
and Trojan Horse problems that you have in DAC systems.  It's far from
complete, but a great start.  It is a worth while project to contribute
to, or simply study.

We use it on our laptops now (strict mode, custom policy).  It's a pain
in the ass to learn because it'll take you a couple of weeks just to
understand the concepts if you're new to them.  I'll be up front about
that now. :) ... but it's a free project.

That said, we're working on demonstration configurations to show off
what can be done today with SE Linux.  That project has a ton of
promise.

Robert

-- 
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave