Simplified Mandatory Access Control Kernel
- Simplified Mandatory Access Control Kernel
Infobox Software
name = Smack
author = Casey Schaufler
operating system = Linux
genre = Computer security
license = GPL2
website = http://schaufler-ca.com/
latest-preview-version = linux-2.6.24-rc4-mm1
Smack is a Linux kernel security module that provides a mechanism for protecting data and processes interaction from malicious manipulation using a set of custom mandatory access control rules provided by the system administrator. Simplicity is the primary design goal of Smack [http://schaufler-ca.com] .
Design
Smack consists of three components:
*A kernel component that is implemented as a Linux Security Modules module. It requires netlabel and works best with file systems that support extended attributes.
*A startup script that insures that some device files have the correct Smack attributes and loads Smack configuration if any is defined.
*A set of patches to the GNU Core Utilities package to make it aware of Smack extended file attributes. A set of similar initial patches to Busybox are also created. It's important to note that SMACK can perfectly work with no kind of user-space support.
Criticism
Smack has been criticized for being written as a new LSM module instead of a Selinux security policy which can provide equivalent functionality. Smack author replied that it's a bit of strong assertion to assume that a Selinux policy can become a SMACK substitute due to Selinux's over-complicated configuration syntax and the philosophical difference between SMACK and Selinux designs [http://lkml.org/lkml/2007/8/11/133] .
External links
* [http://schaufler-ca.com/ Official Website]
*cite web
url = http://lwn.net/Articles/244531/
author = Jake Edge
title = Smack for simplified access control
work = Linux Weekly News
date = 2007-08-08
*cite web
url = http://lwn.net/Articles/252562/
author = Jonathan Corbet
title = SMACK meets the One True Security Module
work = Linux Weekly News
date = 2007-02-10
Wikimedia Foundation.
2010.
Look at other dictionaries:
Simplified Mandatory Access Control Kernel — Smack est un module de sécurité du noyau Linux, permettant d’implémenter un contrôle d accès obligatoire basé sur des labels. Il repose sur le framework LSM et a été intégré dans la version 2.6.25 de Linux[1]. Celui ci a été écrit et est maintenu … Wikipédia en Français
SMACK — Simplified Mandatory Access Control Kernel Smack est un module de sécurité du noyau Linux, permettant d’implémenter un contrôle d accès obligatoire basé sur des labels. Il repose sur le framework LSM et a été intégré dans la version 2.6.25 de… … Wikipédia en Français
Smack — Simplified Mandatory Access Control Kernel Smack est un module de sécurité du noyau Linux, permettant d’implémenter un contrôle d accès obligatoire basé sur des labels. Il repose sur le framework LSM et a été intégré dans la version 2.6.25 de… … Wikipédia en Français
Security-Enhanced Linux — The SELinux administrator in Fedora 8 Security Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls,… … Wikipedia
Smack — may refer to the following: * Smack Apparel, t shirt company famous for creating t shirts talking smack against its rivals getSMACK.com * Simplified Mandatory Access Control Kernel, a Linux kernel security module * Spank or slap, to strike with… … Wikipedia
Windows Registry — The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low level operating system components as well as the applications running on the… … Wikipedia
Technical features new to Windows Vista — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features … Wikipedia
Features new to Windows Vista — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features … Wikipedia
Security and safety features new to Windows Vista — There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.Beginning in early 2002 with Microsoft s announcement of their Trustworthy Computing… … Wikipedia
Windows Vista networking technologies — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features … Wikipedia