Mandatory Access Control Comparison

Table Of Contents:

This page has information about Mandatory Access Control (MAC) solutions, which is of interest to CE Linux Forum members, because MAC provide strong access control for CE device which has rich resources to be managed.

Comparison of MAC solution

 * <#B0FFB0> _ \
 * <#B0FFB0> LIDS \
 * <#B0FFB0> TOMOYO \
 * <#B0FFB0> RSBAC \
 * <#B0FFB0> SELinux \


 * Security Model \
 * MAC(inode), TPE(1.2),TDE(1.2) \
 * MAC(path) \
 * MAC, RC, ACL, FF, UM, PM, DAZ, JAIL \
 * MAC(label), TE,RBAC,MLC,MCS \


 * Current version (2.6) \
 * 2.2.2 for 2.6.14 (LSM) \
 * 1.1.3 for 2.6.11-17 \
 * 1.2.7 for 2.6.16 \


 * Current version (2.4) \
 * 1.2.2 for 2.4.30 \
 * 1.1.3 for 2.4.20 - 32 \
 * 1.2.7 for 2.4.32 \


 * Policy learn mode \
 * /lids/lids.ini \
 * CCS=0 /root/security/profile0.txt || /etc/selinux/config \
 * rsbac_softmode \

Benchmark
MEN WORKING

Hardware : Sharp Zaurus C860, CPU :XScale 400MHz, Memory : --MB, OS : Openzaurus 3.5.4.1 + OPIE 1.2

Sizing
Kerenl 2.6.16 (linux-openzaurus-2.6.16-r40, Static build)

Lmbench
Processor, Process, Local communication latencies

Other resources
Access Control Comparison Table http://gentoo-wiki.com/Access_Control_Comparison_Table