Hacker News new | past | comments | ask | show | jobs | submit login
Flask Security Architecture for Diverse, Security Policies [pdf] (1999) (cmu.edu)
22 points by nickpsecurity on March 3, 2017 | hide | past | favorite | 2 comments

Many people get confused about why SELinux is so complicated. Partly implementation problem but partly intrinsic complexity to what it’s trying to do. I thought people might find it enlightening to see the original, cleaner architecture applied to Fluke microkernel. Culmination of prior, failed attempts in high-assurance security to bake MAC into simple kernels such as original UNIX and Mach. One of few to succeed commercially in quite a few products from Sidewinder to SELinux.

Nice one Nick. Flask is really a beautiful architecture. The primary SELinux author once said, "SELinux doesn't add complexity. It exposes complexity that was already there." MAC policies for general purpose computing environments trended toward unmanageable complexity, but the fit is much more natural in constrained computing environments such as smartphones.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact