WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
[Xen-devel] Re: [Xense-devel] Question about XSM-ACM XSM-FLASK differences

To: Atsushi SAKAI <sakaia@xxxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, xense-devel <xense-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] Re: [Xense-devel] Question about XSM-ACM XSM-FLASK differences
From: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Date: Tue, 20 Jan 2009 18:52:07 -0500
Cc:
Delivery-date: Tue, 20 Jan 2009 15:52:47 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20090116090805.8FE7718058@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acl7Whn8gc7DMIE9VEyJS7mFw75HOg==
Thread-topic: [Xense-devel] Question about XSM-ACM XSM-FLASK differences
User-agent: Microsoft-Entourage/12.15.0.081119

ACM and FLASK are security modules under the XSM framework.  Only XSM-FLASK
is based on the Flask architecture.  Both modules implement type enforcement
but differ in the granularity of the enforcement.

XSM-ACM(sHype) is described in the open literature,

http://domino.watson.ibm.com/library/cyberdig.nsf/papers/5FF6B8DE618BCF30852570230052518A/$File/rc23629.pdf

and

http://domino.watson.ibm.com/library/cyberdig.nsf/papers/265C8E3A6F95CA8D85256FA1005CBF0F/$File/rc23511.pdf

XSM-FLASK is based on the same security architecture (Flask) and goals as
SELinux, which is described in the open literature,

http://www.nsa.gov/research/_files/selinux/papers/module.pdf

and

http://www.nsa.gov/research/_files/selinux/papers/slinux.pdf

The scope for XSM-FLASK is limited to Xen.  The XSM-FLASK module implements
a separate and distinct security server from SELinux.  The subjects,
objects, and permissions described in the XSM-FLASK policy are relevant only
to Xen.  There is no functional dependency between XSM-FLASK and SELinux
guests.  However, one uses the SELinux tools and policy grammar to construct
and analyze XSM-FLASK policies.

In a system running an SELinux guest and an XSM-FLASK enabled hypervisor,
there are two security servers.  One security server is in the SELinux
guest.  The other security server is in the XSM-FLASK enabled hypervisor.
Each security server is loaded with a policy that is relevant only to the
SELinux guest or XSM-Flask enabled hypervisor, respectively.

Let me know if this doesn't answer your questions.

On 1/16/09 4:07 AM, "Atsushi SAKAI" <sakaia@xxxxxxxxxxxxxx> wrote:

> Hi,
> 
> I have a question about XSM-ACM(sHype) and XSM-FLASK difference.
> These two are based on Flask model.
> So I want to know the difference of these two.
> 
> Is this only an implementation difference?
> (like a policy description format etc.)
> 
> Or any other difference exists?
> 
> I think XSM-FLASK policy format is same as SELinux one.
> But the Security Server is split between Linux/Xen.
> In this situation,
> XSM-ACM and XSM-FLASK look the same in a view from the Security Server.
> 
> If this discussion is already done,
> Please give me a pointer.
> 
> Thanks
> Atsushi SAKAI
> 
> 
> 
> _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel

-- 
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
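As an added illustration (not code from this thread or from the Xen project), here is the two-server situation George describes modelled in Python: each Flask-style security server loads its own policy written in the SELinux `allow` grammar and answers access queries only for the subjects, objects and classes that policy defines, denying everything else. The type and class names are constructed samples in the style of Xen's FLASK policy, not taken from a real policy file.

```python
import re

# Constructed sample policies in the SELinux/XSM-FLASK "allow" grammar.
# The hypervisor's server only knows Xen classes (domain, event); the guest's
# server only knows Linux classes (file). Identifiers are illustrative.
XEN_POLICY = """
allow dom0_t domU_t:domain { create getdomaininfo unpause destroy };
allow domU_t dom0_t:event { create send };
allow domU_t domU_t:event send;
"""
GUEST_POLICY = """
allow user_t user_home_t:file { read write };
"""

# allow <src> <tgt>:<class> { p1 p2 ... };   or   allow <src> <tgt>:<class> p;
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")


class SecurityServer:
    """A Flask-style security server: holds one policy, answers access queries."""

    def __init__(self, name, policy_text):
        self.name = name
        self.av = {}  # (src_type, tgt_type, class) -> set of permitted perms
        for src, tgt, cls, many, one in RULE.findall(policy_text):
            perms = many.split() if many else [one]
            self.av.setdefault((src, tgt, cls), set()).update(perms)

    def classes(self):
        return {cls for (_, _, cls) in self.av}

    def allowed(self, src, tgt, cls, perm):
        # Deny by default: anything not granted by an allow rule is refused,
        # including classes this server's policy never mentions.
        return perm in self.av.get((src, tgt, cls), set())


# Two servers, two policies, no shared state, as in the mail.
hypervisor = SecurityServer("xsm-flask", XEN_POLICY)
guest = SecurityServer("selinux-guest", GUEST_POLICY)


def demo():
    return {
        "dom0 creates domU": hypervisor.allowed("dom0_t", "domU_t", "domain", "create"),
        "domU destroys dom0": hypervisor.allowed("domU_t", "dom0_t", "domain", "destroy"),
        "domU event to domU": hypervisor.allowed("domU_t", "domU_t", "event", "send"),
        "guest file read": guest.allowed("user_t", "user_home_t", "file", "read"),
        "hypervisor asked about file": hypervisor.allowed("user_t", "user_home_t", "file", "read"),
    }
```

Running `demo()` shows the hypervisor server granting and refusing Xen-class requests while refusing a `file` request outright, because that class exists only in the guest's policy.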
