[security-dev 00608]: Re: integrate jvm with selinux
Brad Wetmore
Bradford.Wetmore at Sun.COM
Mon Feb 23 17:19:25 UTC 2009
Thanks, Tom, I was going to mention that.
The question comes up every now and then, but hasn't been generally
applied to the general Java community because of the lack of wide-spread
underlying OS support. Generally the approach taken by most folks is to
run JVM's at different levels, or develop their own multi-level
context-switching using JNI's. Do check out
John (dot) Weeks (at) sun (dot) com is the person most familiar with the
current state of the art. Do check out his presentation mentioned by
Tom, but keep in mind it's about two years old now.
You might also check out the joint NSA/Sun Micro project on Flexible MAC
being done in OpenSolaris:
http://opensolaris.org/os/project/fmac/
Stephen Smalley and co are bringing the Flux Advanced Security Kernel
(Flask) and Type Enforcement (TE) technologies OpenSolaris. Flask is a
flexible form of mandatory access control (MAC) that has been gaining
popularity since its introduction in SELinux, SEBSD, and SEDarwin.
Some other info on Sun's Trusted Extensions:
http://www.opensolaris.org/os/community/security/projects/tx/
Hope this helps.
Brad
P.S. I worked with John on Trusted Solaris in another life before Java.
Tom Hawtin wrote:
> michel wrote:
>
>> I am researching on java security model and I decided to have an
>> implementation of MAC(mandatory access control ) in jvm.
>>
>> While studying trusted os I got familiar with Selinux(Security Enhaced
>> linux) and I surprised if we can use selinux policy in jvm.
>
> No idea if it will help, but you might be interested in the JavaOne 2007
> presentation "Leveraging Solaris Trusted Extensions to Implement
> Platform Security Services for the Java Language".
>
> http://developers.sun.com/learning/javaoneonline/j1sessn.jsp?sessn=TS-1427&yr=2007&track=5
>
>
> Tom Hawtin
More information about the security-dev
mailing list