[cap-talk] IPC/POLA vs. Big Mac and the fallen *-Property
Jed at Webstart
donnelley1 at webstart.com
Mon Dec 5 17:56:51 EST 2005
At 05:55 PM 12/4/2005, Karp, Alan H wrote:
>Toby Murray wrote:
> > From my knowledge, SELinux hasn't been certified I think this would be
> > a very difficult undertaking, given the monolithic Linux kernel.
> > Presumably one would have to certify the entire kernel (which I believe
> > is beyond the current level of sophisitication) since any kernel system
> > could presumably subvert the SELinux controls.
> >
>NSA developed NetTop to allow multiple classifications to be accessed
>from a single machine. I believe they certified SELinux on VMWare for
>this purpose. You can read about the HP version at the HP web site.
>Just search on NetTop. (I'd send a direct link, but I keep getting some
>funky URL with "cache" in it. I'm worried that won't work for others.)
Here's an HP paper on NetTop:
http://www.hp.com/hpinfo/newsroom/press_kits/2004/security/ps_nettopbrochure.pdf
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list