U.S. government moves to secure Linux; will NSA's efforts shape the future of security?
The two security policy abstractions that the NSA's enhancements currently embrace are type enforcement and role-based access. Under type enforcement, each system process is associated with a domain, and each object is assigned a type. The system configuration files determine how domains interact with each other and with object types. You can define how program types can access process domains, how transitions from one domain to another take place, and when they're allowed. With role-based access, each process has an associated role. This helps segregate ordinary processes from privileged ones. Again, the system configuration determines how roles access domains and transition from one security domain to another.
The link for this article located at InfoWorld is no longer available.