Simplified Mandatory Access Control Kernel

Infobox Software
name = Smack

author = Casey Schaufler
operating system = Linux
genre = Computer security
license = GPL2
website = http://schaufler-ca.com/
latest-preview-version = linux-2.6.24-rc4-mm1

Smack is a Linux kernel security module that provides a mechanism for protecting data and processes interaction from malicious manipulation using a set of custom mandatory access control rules provided by the system administrator. Simplicity is the primary design goal of Smack [http://schaufler-ca.com] .

Design

Smack consists of three components:
*A kernel component that is implemented as a Linux Security Modules module. It requires netlabel and works best with file systems that support extended attributes.
*A startup script that insures that some device files have the correct Smack attributes and loads Smack configuration if any is defined.
*A set of patches to the GNU Core Utilities package to make it aware of Smack extended file attributes. A set of similar initial patches to Busybox are also created. It's important to note that SMACK can perfectly work with no kind of user-space support.

Criticism

Smack has been criticized for being written as a new LSM module instead of a Selinux security policy which can provide equivalent functionality. Smack author replied that it's a bit of strong assertion to assume that a Selinux policy can become a SMACK substitute due to Selinux's over-complicated configuration syntax and the philosophical difference between SMACK and Selinux designs [http://lkml.org/lkml/2007/8/11/133] .

External links

* [http://schaufler-ca.com/ Official Website]
*cite web
url = http://lwn.net/Articles/244531/
author = Jake Edge
title = Smack for simplified access control
work = Linux Weekly News
date = 2007-08-08

*cite web
url = http://lwn.net/Articles/252562/
author = Jonathan Corbet
title = SMACK meets the One True Security Module
work = Linux Weekly News
date = 2007-02-10


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Simplified Mandatory Access Control Kernel — Smack est un module de sécurité du noyau Linux, permettant d’implémenter un contrôle d accès obligatoire basé sur des labels. Il repose sur le framework LSM et a été intégré dans la version 2.6.25 de Linux[1]. Celui ci a été écrit et est maintenu …   Wikipédia en Français

  • SMACK — Simplified Mandatory Access Control Kernel Smack est un module de sécurité du noyau Linux, permettant d’implémenter un contrôle d accès obligatoire basé sur des labels. Il repose sur le framework LSM et a été intégré dans la version 2.6.25 de… …   Wikipédia en Français

  • Security-Enhanced Linux — The SELinux administrator in Fedora 8 Security Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls,… …   Wikipedia

  • Smack — may refer to the following: * Smack Apparel, t shirt company famous for creating t shirts talking smack against its rivals getSMACK.com * Simplified Mandatory Access Control Kernel, a Linux kernel security module * Spank or slap, to strike with… …   Wikipedia

  • Windows Registry — The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low level operating system components as well as the applications running on the… …   Wikipedia

  • Technical features new to Windows Vista — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features …   Wikipedia

  • Features new to Windows Vista — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features …   Wikipedia

  • Security and safety features new to Windows Vista — There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.Beginning in early 2002 with Microsoft s announcement of their Trustworthy Computing… …   Wikipedia

  • Windows Vista networking technologies — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features …   Wikipedia

  • Microsoft Windows — Windows redirects here. For the part of a building, see Window. For other uses, see Windows (disambiguation). Microsoft Windows …   Wikipedia


Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.