Security-Enhanced Linux Project Background

Researchers in the Information Assurance Research Office of the National
Security Agency (NSA) worked with Secure Computing Corporation (SCC) to
develop a strong, flexible mandatory access control architecture based on
Type Enforcement, a mechanism first developed for the LOCK system. The NSA
and SCC developed two Mach-based prototypes of the architecture: DTMach
and DTOS. The NSA and SCC then worked with the University of Utah's Flux
research group to transfer the architecture to the Fluke research
operating system. During this transfer, the architecture was enhanced to
provide better support for dynamic security policies. This enhanced
architecture was named Flask. The NSA is now integrating the Flask
architecture into the Linux operating system to transfer the technology to
a larger developer and user community.

DTOS: http://www.cs.utah.edu/flux/dtos
Flask: http://www.cs.utah.edu/flux/flask

Two papers provide background information for the project:
* The Inevitability of Failure: The Flawed Assumption of Security in
  Modern Computing Environments explains the need for mandatory access
  controls in operating systems.

  (Available as inevitability.ps, inevitability.pdf and inevitability.html
  in the "papers" directory)

* The Flask Security Architecture: System Support for Diverse Security
  Policies describes the operating system security architecture through
  its prototype implementation in the Fluke research operating system.

  (Available as flask.ps, flask.pdf and ./flask/index.html in the
  "papers" directory)