March 4th, 2006

Selinux-Symposium Successful

Just returned from the SELinux Symposium in Baltimore Maryland.
http://www.selinux-symposium.org

It was another great job by the crew from Tresys.

There were around 150 people at the show which went 5 days.

Two days of tutorials on everything from Introduction of Policy, Reference Policy,
Using SELinux in Red Hat Enterprise Linux 4.

Then there were two days of sessions covering the latest research and workings of SELinux.
Very interesting presentations on how the US Government is starting to use SELinux in the
field. It makes you feel good to know that your software is protect the communication of
people in Iraq, a little scary also.

And the developer summit on the last day.

Some of the highlights were seeing tools being developed for different groups of people
using SELinux.

System                                         Product                                                            Security
Admins                                         Developers                                                       Gurus

|--------------------------------------------|-------------------------------------------------------------|
Looking for simple tools                Looking for tools to  help                             Tools to allow them to
help them make applications         them secure their applications                        help build least priviledge
more secure.                                                                                                         systems

* Tresys preview of Brickwall        * Reference Policy                                        * Polgen
* Policy Modules/Auditallow          * Policy Modules                                           * Apol/Slat
* Introduction of MCS                   * Eclipse Policy Plugin                                   * Policy Modules
* Policy Modules/audit2allow        * Polgen advances support                           * MLS Policy
* Some new designs of higher level languages for policy development            * Polyinstatiated File Systems
                                                                                                                          * Advanced Auditing

Things I was most excited about was Brickwall, a tool to write simple policy for locking network controls
without the user knowing he is writing policy.

Things I don't really care about ... I do not want to hear about new ways of analyzing policy.  We have
enough tools for this,   even though it might make for a nice Thesis for a Masters degree, it is a solved
problem...

What I would like to see investigated would be some more userspace application policy servers, like
dbus.  We could use some work in packages like apache, java, gnome, Xwindows...

As far as the Developer summit on the last day,   We gathered 30 of the core developers and sat
together to discuss SELinux policy,  Tools and what is needed next for the first half of the day.  Then
we reviewed the progress on MLS and movement towards LSPP in the afternoon.   It was great having
people for competing companies like HP and IBM, along with competing distros Red Hat Enterprise
Linux, Fedora Core, Debian, Ubunto, Gentoo.  We had representation from Tresys, Trusted Computing,
Mitre, Hitachi Software along with the NSA and DOD and multiple people from the open source world. 
All working together to further the security of Linux.

Minutes from the meeting should be posted on http://www.selinux-symposium.org.

Dan