FLASK

SELinux Flask architecture

  • provides flexible support for mandatory access control (MAC) policies

  • separates the definition of the policy logic from the enforcement mechanism

  • provides an access vector cache (AVC) that stores the access decision computations provided by the security server

  • defines a security context as the representation of a security label, and a security identifier (SID) as an integer that the security server maps to a security context

  • specifies the interfaces that the security server provides to the object managers, which enforce the security policy

20. Initial SIDs
21. Constraints