Question about XSM-ACM XSM-FLASK differences

Question about XSM-ACM XSM-FLASK differences

sakaia
Hi,

I have a question about XSM-ACM(sHype) and XSM-FLASK difference.
These two are based on Flask model.
So I want to know the difference of these two.

Is this only an implementation difference?
(like a policy description format etc.)

Or any other difference exists?

I think XSM-FLASK policy format is same as SELinux one.
But the Security Server is split between Linux/Xen.
In this situation,
XSM-ACM and XSM-FLASK look the same in a view from the Security Server.

If this discussion is already done,
Please suggest me a pointer.

Thanks
Atsushi SAKAI



_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel

Re: Question about XSM-ACM XSM-FLASK differences

George S. Coker, II

ACM and FLASK are security modules under the XSM framework.  Only XSM-FLASK
is based on the Flask architecture.  Both modules implement type enforcement
but differ in the granularity of the enforcement.

XSM-ACM(sHype) is described in the open literature,

http://domino.watson.ibm.com/library/cyberdig.nsf/papers/5FF6B8DE618BCF30852570230052518A/$File/rc23629.pdf

and

http://domino.watson.ibm.com/library/cyberdig.nsf/papers/265C8E3A6F95CA8D85256FA1005CBF0F/$File/rc23511.pdf

XSM-FLASK is based on the same security architecture (Flask) and goals as
SELinux, which is described in the open literature,

http://www.nsa.gov/research/_files/selinux/papers/module.pdf

and

http://www.nsa.gov/research/_files/selinux/papers/slinux.pdf

The scope for XSM-FLASK is limited to Xen.  The XSM-FLASK module implements
a separate and distinct security server from SELinux.  The subjects,
objects, and permissions described in the XSM-FLASK policy are relevant only
to Xen.  There is no functional dependency between XSM-FLASK and SELinux
guests.  However, one uses the SELinux tools and policy grammar to construct
and analyze XSM-FLASK policies.

In a system running an SELinux guest and an XSM-FLASK enabled hypervisor,
there are two security servers.  One security server is in the SELinux
guest.  The other security server is in the XSM-FLASK enabled hypervisor.
Each security server is loaded with a policy that is relevant only to the
SELinux guest or XSM-Flask enabled hypervisor, respectively.

Let me know if this doesn't answer your questions.

On 1/16/09 4:07 AM, "Atsushi SAKAI" <[hidden email]> wrote:

> Hi,
>
> I have a question about XSM-ACM(sHype) and XSM-FLASK difference.
> These two are based on Flask model.
> So I want to know the difference of these two.
>
> Is this only an implementation difference?
> (like a policy description format etc.)
>
> Or any other difference exists?
>
> I think XSM-FLASK policy format is same as SELinux one.
> But the Security Server is split between Linux/Xen.
> In this situation,
> XSM-ACM and XSM-FLASK look the same in a view from the Security Server.
>
> If this discussion is already done,
> Please suggest me a pointer.
>
> Thanks
> Atsushi SAKAI

--
George S. Coker, II <[hidden email]>


