From efa9947dc6c8805fab373cb86bedf5a544e8ad33 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: May 17 2005 19:58:58 +0000 Subject: reformat --- diff --git a/www/html/index.html b/www/html/index.html index 8ff7b8b..8b33040 100644 --- a/www/html/index.html +++ b/www/html/index.html @@ -1,8 +1,36 @@ -

SE Linux Reference Policy

+

Security Enhanced Linux (SELinux) Reference Policy

+

Introduction

-

The purpose of this document is to serve as a blueprint to policy developers and serves as the initial means for communicating the motivations, approach and goals of the SELinux Reference Policy development project. This document is intended for SELinux policy developers and other members of the SELinux development community interested in building a secure foundation upon which to build high-assurance solutions using SELinux. The reference policy will provide a carefully designed and consistent system security policy that can be used as a basis for developing secure solutions using SELinux. +

+The purpose of this document is to serve as a blueprint to policy developers +and serves as the initial means for communicating the motivations, approach and +goals of the SELinux Reference Policy development project. This document +is intended for SELinux policy developers and other members of the SELinux +development community interested in building a secure foundation upon which to +build high-assurance solutions using SELinux. The reference policy will provide +a carefully designed and consistent system security policy that can be used as +a basis for developing secure solutions using SELinux. +

Background and Motivation

-

One of the key motivations for this project is the drive to get SELinux mainstreamed into commercial products. True, SELinux is currently being incorporated into various commercial distributions, but clearly, widespread adoption of SELinux as a commercial product eventually will require the operating system to be certified. Efforts are already underway by IBM for SELinux to undergo a Common Criteria evaluation under the Labeled Security Protection Profile (LSPP). Furthermore, SELinux needs a more robust policy structure upon which to build high-assurance solutions, such as intrusion detection systems (IDS), cross-domain solutions, LAN guards, etc., particularly for government and DoD security-critical missions. +

+One of the key motivations for this project is the drive to get SELinux +mainstreamed into commercial products. True, SELinux is currently being +incorporated into various commercial distributions, but clearly, widespread +adoption of SELinux as a commercial product eventually will require the +operating system to be certified. Efforts are already underway by IBM for +SELinux to undergo a Common Criteria evaluation under the Labeled Security +Protection Profile (LSPP). Furthermore, SELinux needs a more robust policy +structure upon which to build high-assurance solutions, such as intrusion +detection systems (IDS), cross-domain solutions, etc., particularly for +government and DoD security-critical missions. +

-

Unfortunately, the current �strict� policy for SELinux does not meet the requirements of high security systems. The policy chooses functionality over security, with the implicit goal of not breaking legacy application behavior. Additionally, it has no clear security goals and those that exist are not rigorously followed or are ignored to preserve functionality. Furthermore, complexity, a formidable enemy to security, is increasing in the policy and the situation is not improving. +

+Unfortunately, the current "strict" policy for SELinux does not meet the +requirements of high security systems. The policy chooses functionality over +security, with the implicit goal of not breaking legacy application behavior. +Additionally, it has no clear security goals and those that exist are not +rigorously followed or are ignored to preserve functionality. Furthermore, +complexity is increasing in the policy and the situation is not improving. +