Flask: Flux Advanced Security Kernel

Flask is an operating system security architecture that provides flexible support for security policies. The architecture was prototyped in the Fluke research operating system. Several of the Flask interfaces and components were then ported from the Fluke prototype to the OSKit. The Flask architecture is now being implemented in the Linux operating system (Security-Enhanced Linux) to transfer the technology to a larger developer and user community.

The following papers are useful in understanding Flask and its implementation in Fluke:

The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments [7] explains the need for mandatory access controls in operating systems.
The Flask Security Architecture: System Support for Diverse Security Policies [11] describes the operating system security architecture through its prototype implementation in the Fluke research operating system.
Implementing Mandatory Network Security in a Policy-flexible System [5] describes a prototype of the Flask network security design in the Fluke implementation.

Three reports describe the implementation of the Flask architecture in Fluke:

History of Flask

In 1992 and 1993, researchers at the National Security Agency (NSA) and Secure Computing Corporation (SCC) worked on the design and implementation of Distributed Trusted Mach [6] (DTMach), an outgrowth of the TMach [4] project and the LOCK [10] project. DTMach integrated a generalization of type enforcement [3,1], a flexible access control mechanism, into the Mach microkernel. The DTMach project was continued in the Distributed Trusted Operating System [8,9] (DTOS) project. The DTOS project improved upon the earlier design and implementation work, yielding a prototype that was released to universities for research (e.g. Secure Transactional Resources [12], DX [2]). Furthermore, the DTOS project produced a lessons learned report, formal specifications of the system, an analysis of security policies and their characteristics, a study of composability techniques, and a study of the security and assurability of a variety of microkernel-based systems. These reports are available here.

As the DTOS project approached its completion, a new joint effort was started by the NSA, SCC, and the University of Utah's Flux project to transfer the DTOS security architecture into the Fluke research operating system. During the integration of the architecture into Fluke, the architecture was enhanced to provide better support for dynamic security policies. This enhanced architecture was named Flask [11]. Several of the Flask interfaces and components were subsequently ported from Fluke to the OSKit. The architecture is now being implemented by the NSA in the Linux operating system (Security-Enhanced Linux) to transfer the technology to a larger developer and user community. Other contributors to the Security-Enhanced Linux system include NAI Labs, Secure Computing Corporation, and MITRE.

Up to Flux project home page

Stephen Smalley, National Security Agency

sds@epoch.ncsc.mil

Last modified Dec 26 2000